General
-
Target
32bac261f3d6358752ee0d00033f49ab_JaffaCakes118
-
Size
237KB
-
Sample
240511-e5p2faga93
-
MD5
32bac261f3d6358752ee0d00033f49ab
-
SHA1
013c0e3eeca08a9b5106d852ad01da83992b6d1d
-
SHA256
d3e229c8ab30581ddd77188dc1f859537a2f6505e2cdd52caffec99e5f230091
-
SHA512
70029b99965f465443a45ab6340ed8ea2cc11b1dc9038f7850f6580a1617d99bba953eca6e45eae95f22bb15a29f70b57898ef4897a95e34cf2a9d6638188249
-
SSDEEP
3072:9zEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIxUNE+nmoKWn3ExNVTzz9TeghA:9LV6Bta6dtJmakIM5RqDxVTFx2KOSgai
Behavioral task
behavioral1
Sample
32bac261f3d6358752ee0d00033f49ab_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
nanocore
1.2.2.0
73.203.93.150:1085
127.0.0.1:1085
e2ca0925-91fe-4e9a-b740-6fcc9bd6beed
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-12-15T01:34:01.702911136Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1085
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
e2ca0925-91fe-4e9a-b740-6fcc9bd6beed
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
73.203.93.150
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
32bac261f3d6358752ee0d00033f49ab_JaffaCakes118
-
Size
237KB
-
MD5
32bac261f3d6358752ee0d00033f49ab
-
SHA1
013c0e3eeca08a9b5106d852ad01da83992b6d1d
-
SHA256
d3e229c8ab30581ddd77188dc1f859537a2f6505e2cdd52caffec99e5f230091
-
SHA512
70029b99965f465443a45ab6340ed8ea2cc11b1dc9038f7850f6580a1617d99bba953eca6e45eae95f22bb15a29f70b57898ef4897a95e34cf2a9d6638188249
-
SSDEEP
3072:9zEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIxUNE+nmoKWn3ExNVTzz9TeghA:9LV6Bta6dtJmakIM5RqDxVTFx2KOSgai
-
Adds Run key to start application
-