General
-
Target
2df0efab31c179fca398f53acbd07996_JaffaCakes118
-
Size
1.9MB
-
Sample
240510-hyajyshd7z
-
MD5
2df0efab31c179fca398f53acbd07996
-
SHA1
e008e93a33b8a9e3e69c52c9e4d77d6869dd1572
-
SHA256
2bfbb0075c4516b585483c8b634ed9e4b2c66b93772a3a0852f9372870ec9150
-
SHA512
4dda43460bf711f1e1997f971b320590c24be930cfb34607114a1507423e75d85af9962d33ff0e243d321ae48c6f7b742c3e0a0b93e3a23b68e505c9e94d0ac0
-
SSDEEP
49152:hu0c++OCvkGs9Fa4QeQ2Rqcahual69JcmuY:UB3vkJ9ieBRqtM9emu
Static task
static1
Behavioral task
behavioral1
Sample
2df0efab31c179fca398f53acbd07996_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
nanocore
1.2.2.0
194.5.99.227:1985
127.0.0.1:1985
a80e9449-18de-40cb-940a-68e32f6dceaa
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2019-12-07T14:11:55.930577436Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1985
-
default_group
2020
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
a80e9449-18de-40cb-940a-68e32f6dceaa
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
194.5.99.227
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
2df0efab31c179fca398f53acbd07996_JaffaCakes118
-
Size
1.9MB
-
MD5
2df0efab31c179fca398f53acbd07996
-
SHA1
e008e93a33b8a9e3e69c52c9e4d77d6869dd1572
-
SHA256
2bfbb0075c4516b585483c8b634ed9e4b2c66b93772a3a0852f9372870ec9150
-
SHA512
4dda43460bf711f1e1997f971b320590c24be930cfb34607114a1507423e75d85af9962d33ff0e243d321ae48c6f7b742c3e0a0b93e3a23b68e505c9e94d0ac0
-
SSDEEP
49152:hu0c++OCvkGs9Fa4QeQ2Rqcahual69JcmuY:UB3vkJ9ieBRqtM9emu
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-