General

Target: ffb0772aa20b058225e62bd6036b72d6_JaffaCakes118
Size: 12.7MB
Sample: 240421-tt1q5aeh85
MD5: ffb0772aa20b058225e62bd6036b72d6
SHA1: fc0a2feb39f678670ebfeed703d768f334a5865c
SHA256: cec80312cba875be63e11a1b05c73baa7baf1328c929749c8bea4dccf64c2259
SHA512: d32e0e75b3dde06bfe237cce0125b42fec82a4fc24a310052cf5dbec69e80853a7a2e4d1e29934ba6bfa17a62a884630d5cdb3661f5307f6058062ae4495b302
SSDEEP: 24576:FjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBj:Fnh
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: ffb0772aa20b058225e62bd6036b72d6_JaffaCakes118.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: ffb0772aa20b058225e62bd6036b72d6_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted family: tofsee
Extracted hosts: defeatwax.ru, refabyd.info
Targets

Target: ffb0772aa20b058225e62bd6036b72d6_JaffaCakes118 (12.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (T1543), 2 hits: Windows Service (T1543.003), 2 hits
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit

Privilege Escalation
- Create or Modify System Process (T1543), 2 hits: Windows Service (T1543.003), 2 hits
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit

The two tactics list the same techniques because the service and Run-key writes count for both persistence and privilege escalation in the ATT&CK mapping; they are not separate behaviours.
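The signatures above (new service, service image path in the registry, firewall change, registry country-code lookup) and the ATT&CK rows they map to describe host-side artifacts an analyst would look for on a machine suspected of running this sample. The script below is an added example, written here for this page; it is not part of the Triage report and not code from the sample. It assumes it runs as Administrator in PowerShell 5.1 or later, that the `$TrustedRoots` list is a reasonable baseline of directories where service and autostart binaries belong (adjust it per environment), and that `HKCU:\Control Panel\International\Geo` is the location setting a registry-based geofence reads; the report itself names no service, rule name, key or value, so every path and name in the script is an assumption, not an indicator taken from the report.

```powershell
# Added example, not part of the Triage report: hunt a suspect Windows host for the
# persistence and firewall changes the report attributes to this sample.
# Assumptions (mine, not the report's): run as Administrator in PowerShell 5.1 or later;
# $TrustedRoots is an illustrative baseline of directories where service binaries are
# expected, and 'HKCU:\Control Panel\International\Geo' is the location setting a
# registry-based geofence normally reads. The report names no service, rule or key.

function Get-ExecutableFromCommand {
    param([string]$Command)
    # Recover the binary from an ImagePath or Run-key value: expand %VAR%s, honour quotes,
    # otherwise cut at the first space (arguments such as "-k netsvcs" follow it).
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    $space = $cmd.IndexOf(' ')
    if ($space -gt 0) { return $cmd.Substring(0, $space) }
    return $cmd
}

function Test-TrustedPath {
    param([string]$Path, [string[]]$Roots)
    foreach ($root in $Roots) {
        if ($root -and $Path -like "$root\*") { return $true }
    }
    return $false
}

function Invoke-PersistenceHunt {
    param(
        [string[]]$TrustedRoots = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64",
                                    $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    $findings = New-Object System.Collections.Generic.List[object]

    # T1543.003 Windows Service: a Win32 service (Type 0x10/0x20) whose ImagePath points
    # outside the trusted roots. Drivers (Type 1/2) are skipped: their paths are relative
    # and would only produce noise here.
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\*' -ErrorAction SilentlyContinue |
        Where-Object { $_.ImagePath -and ($_.Type -band 0x30) } |
        ForEach-Object {
            $exe = Get-ExecutableFromCommand $_.ImagePath
            if (-not (Test-TrustedPath $exe $TrustedRoots)) {
                $findings.Add([pscustomobject]@{
                    Technique = 'T1543.003'; Finding = 'Service ImagePath outside trusted roots'
                    Name = $_.PSChildName; Path = $exe })
            }
        }

    # T1547.001 Registry Run Keys: every value under the common Run/RunOnce keys.
    # HKCU covers only the user running the script; repeat per loaded user hive if needed.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # PSPath, PSProvider, ... are not values
            $exe = Get-ExecutableFromCommand ([string]$p.Value)
            $findings.Add([pscustomobject]@{
                Technique = 'T1547.001'; Finding = "Run key value ($key)"
                Name = $p.Name; Path = $exe })
        }
    }

    # "Modifies Windows Firewall": enabled inbound Allow rules bound to a program outside
    # the trusted roots. Rule names are attacker-chosen, so match on the program instead.
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow -ErrorAction SilentlyContinue |
        ForEach-Object {
            $program = ($_ | Get-NetFirewallApplicationFilter).Program
            if ($program -and $program -ne 'Any') {
                $exe = [Environment]::ExpandEnvironmentVariables($program)
                if (-not (Test-TrustedPath $exe $TrustedRoots)) {
                    $findings.Add([pscustomobject]@{
                        Technique = 'Firewall'; Finding = 'Inbound allow rule for untrusted program'
                        Name = $_.DisplayName; Path = $exe })
                }
            }
        }

    # "Checks computer location settings": record the configured country (GeoID) so the
    # analyst can reason about why the sample ran, or refused to run, on this host.
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    if ($geo) {
        $findings.Add([pscustomobject]@{
            Technique = 'Geofence'; Finding = 'Country configured in registry (GeoID)'
            Name = 'Nation'; Path = [string]$geo.Nation })
    }

    return $findings
}

Invoke-PersistenceHunt | Format-Table -AutoSize
```

The path checks deliberately key on where the binary lives rather than on names, because a service or rule name chosen by the sample is not known from the report and would be trivial to change; expect some benign third-party services and firewall rules to show up, so treat the output as a shortlist to verify (hash the binaries it lists against the digests in the General section above) rather than as a verdict.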