General
Target: 44dad11665cd5a9800ed08198ae7ebbc_JaffaCakes118
Size: 142KB
Sample: 240515-g2e36scf6z
MD5: 44dad11665cd5a9800ed08198ae7ebbc
SHA1: b3ee9d36dc27527d6ea80a802f8fd80a6657a3d2
SHA256: b90f0d7494597f2a6f1fe3ac4c6f9555ed52a9c969707765b7266cfad1310105
SHA512: 786ed557c674a91c525a5162b4b781b9092fd45c02ae282314ce8b7630365e4a46835c90b30c64196b9f56234675715212fd4a908c5ef92cec6babbbad839d78
SSDEEP: 3072:jO8/FLfg56rzTkYfiL2+jKfgi4m5nuGFU6W6WNE6b37:p9TzwFLnKP46uC
Static task: static1
Behavioral task: behavioral1
  Sample: 44dad11665cd5a9800ed08198ae7ebbc_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 44dad11665cd5a9800ed08198ae7ebbc_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted family: tofsee
C2 hosts (from the extracted configuration): 43.231.4.7, lazystax.ru
Targets
Target: 44dad11665cd5a9800ed08198ae7ebbc_JaffaCakes118 (size and hashes as listed under General above)
Score: 10/10

Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (rewriting another thread's context is a common way to redirect execution into injected code, e.g. process hollowing)
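The extracted C2 hosts and the signature list above are the raw material a detection engineer turns into a matcher. The Python below is an added example, not part of this report and not any sandbox's own code: the event format (a list of dicts loosely resembling an API/registry/network trace), the constructed sample trace, and the registry location assumed for the location check (HKCU\Control Panel\International\Geo\Nation) are all assumptions made for illustration, and the rule heuristics are one reading of the signature names, not the sandbox's actual rules.

```python
"""Signature and IOC matcher over a simplified sandbox event trace.

Added example; not part of the original report and not a sandbox's own code.
The trace schema is an assumption for this example (NOT Triage's real schema),
and the rules are a plain-language reading of the report's signature names.
"""
import re

# IOCs taken from the report's extracted Tofsee config.
C2_IOCS = {"43.231.4.7", "lazystax.ru"}

# ATT&CK v13 mapping for the service-persistence technique in the report's matrix.
ATTACK = {
    "Creates new service(s)": "T1543.003 Windows Service",
    "Sets service image path in registry": "T1543.003 Windows Service",
}

SERVICE_IMAGEPATH_RE = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)
FIREWALL_CMD_RE = re.compile(r"netsh(\.exe)?\s+(advfirewall\s+)?firewall\s+(add|set|delete)", re.I)
# Assumed registry key behind the "Checks computer location settings" signature.
GEO_KEY_RE = re.compile(r"\\international\\geo\\nation$", re.I)

SAMPLE = r"C:\Users\u\Downloads\44dad11665cd5a9800ed08198ae7ebbc_JaffaCakes118.exe"
DROPPED = r"C:\Users\u\AppData\Local\Temp\svc.exe"  # hypothetical dropped path

# Constructed trace: a handful of events shaped to exercise every rule once.
SAMPLE_TRACE = [
    {"type": "process", "pid": 100, "ppid": 1, "image": SAMPLE, "cmdline": SAMPLE},
    {"type": "file_write", "pid": 100, "path": DROPPED},
    {"type": "process", "pid": 200, "ppid": 100, "image": DROPPED, "cmdline": DROPPED},
    {"type": "file_delete", "pid": 100, "path": SAMPLE},
    {"type": "api", "pid": 200, "call": "CreateServiceW", "args": {"lpServiceName": "svc"}},
    {"type": "registry_set", "pid": 200,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\svc\ImagePath", "value": DROPPED},
    {"type": "process", "pid": 201, "ppid": 200, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name=svc dir=in action=allow program="%s"' % DROPPED},
    {"type": "registry_query", "pid": 200, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "api", "pid": 200, "call": "SetThreadContext", "args": {"target_pid": 300}},
    {"type": "dns", "pid": 200, "query": "LazyStax.ru"},
    {"type": "connect", "pid": 200, "dst": "43.231.4.7", "port": 443},
]


def match_signatures(trace):
    """Return {signature name: [evidence strings]} for the events in trace, in order."""
    hits = {}
    images = {}      # pid -> lower-cased image path, filled as processes appear
    written = set()  # lower-cased paths the trace has written so far

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for e in trace:
        t, pid = e["type"], e["pid"]
        if t == "process":
            images[pid] = e["image"].lower()
            # "Executes dropped EXE": image was written earlier in this trace.
            if images[pid] in written:
                add("Executes dropped EXE", "pid %d started %s" % (pid, e["image"]))
            if FIREWALL_CMD_RE.search(e["cmdline"]):
                add("Modifies Windows Firewall", e["cmdline"])
        elif t == "file_write":
            written.add(e["path"].lower())
        elif t == "file_delete" and e["path"].lower() == images.get(pid):
            add("Deletes itself", "pid %d deleted its own image %s" % (pid, e["path"]))
        elif t == "api" and e["call"].startswith("CreateService"):
            add("Creates new service(s)", "%s(%s)" % (e["call"], e["args"]))
        elif t == "api" and e["call"] == "SetThreadContext" and e["args"].get("target_pid") != pid:
            # Cross-process context rewrite; same-process use is legitimate and ignored.
            add("Suspicious use of SetThreadContext", "pid %d -> pid %s" % (pid, e["args"]["target_pid"]))
        elif t == "registry_set" and SERVICE_IMAGEPATH_RE.search(e["key"]):
            add("Sets service image path in registry", "%s = %s" % (e["key"], e["value"]))
        elif t == "registry_query" and GEO_KEY_RE.search(e["key"]):
            add("Checks computer location settings", e["key"])
        elif t == "dns" and e["query"].lower().rstrip(".") in C2_IOCS:
            add("Contacts extracted C2", "DNS %s" % e["query"])
        elif t == "connect" and e["dst"] in C2_IOCS:
            add("Contacts extracted C2", "TCP %s:%d" % (e["dst"], e["port"]))
    return hits


def attack_techniques(hits):
    """ATT&CK techniques implied by the matched signatures (sorted, de-duplicated)."""
    return sorted({ATTACK[name] for name in hits if name in ATTACK})


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_TRACE).items():
        print(name, "->", evidence)
    print(attack_techniques(match_signatures(SAMPLE_TRACE)))
```

The matcher is order-sensitive on purpose: "Executes dropped EXE" only fires when the file write precedes the process start, and "Deletes itself" needs the deleting process's image to be known, which mirrors how a sandbox correlates events rather than pattern-matching single lines. The C2 check normalises case and a trailing dot on DNS names, since `LazyStax.ru.` and `lazystax.ru` are the same query.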
MITRE ATT&CK Matrix (ATT&CK v13; counts in parentheses are as shown in the report)
Persistence
  Create or Modify System Process (2): Windows Service (2)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (2): Windows Service (2)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)