General
-
Target
2931f64fa2442c4d391ee83e01123241_JaffaCakes118
-
Size
482KB
-
Sample
240509-ks2glahe91
-
MD5
2931f64fa2442c4d391ee83e01123241
-
SHA1
2bbaa0ed4f92eada2f493545ea67828fd124d2d9
-
SHA256
c9f0dd1df87159435a15a4599c9d3970ea944fca4135b685bb19cf1dccf534e9
-
SHA512
5afc6d8e0958d0e45d833f335999a51e424a087f3fe2bd57e3bab47fee10a262f20e5e385fb0132b1d074e3ac858459831b526ccdeaad7daa5815396a5db0622
-
SSDEEP
12288:vi9XafQUwPykIL+Q6ud1ayxhcusv6GYFH+Q4SNDZbONML:y+bsyGYFHt4SdOs
Static task
static1
Behavioral task
behavioral1
Sample
2931f64fa2442c4d391ee83e01123241_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
Family: nanocore
Version: 1.2.2.0
Primary C2: spartacus2017.ddns.net:24005 (matches primary_connection_host / connection_port below)
Backup C2: 127.0.0.1:24005 (backup_connection_host is loopback, so this fallback does not reach an external host)
Mutex: cfbc7c9c-254f-4c88-afce-d7277a99a1a0
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-01-29T16:41:01.536496436Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(empty)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
24005
-
default_group
WINNERS
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
cfbc7c9c-254f-4c88-afce-d7277a99a1a0
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
spartacus2017.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
2931f64fa2442c4d391ee83e01123241_JaffaCakes118
-
Size
482KB
-
MD5
2931f64fa2442c4d391ee83e01123241
-
SHA1
2bbaa0ed4f92eada2f493545ea67828fd124d2d9
-
SHA256
c9f0dd1df87159435a15a4599c9d3970ea944fca4135b685bb19cf1dccf534e9
-
SHA512
5afc6d8e0958d0e45d833f335999a51e424a087f3fe2bd57e3bab47fee10a262f20e5e385fb0132b1d074e3ac858459831b526ccdeaad7daa5815396a5db0622
-
SSDEEP
12288:vi9XafQUwPykIL+Q6ud1ayxhcusv6GYFH+Q4SNDZbONML:y+bsyGYFHt4SdOs
-
Drops startup file
-
Suspicious use of SetThreadContext
-