General
-
Target
51ddbe4cbd6cf9e71ed36656961f62ac_JaffaCakes118
-
Size
2.1MB
-
Sample
240517-2p1jkafa3x
-
MD5
51ddbe4cbd6cf9e71ed36656961f62ac
-
SHA1
d4515419337741285e9ddefa13c4ad02f8dea4dd
-
SHA256
b2fb69fe5a4d38d7c2ee4c2a9aa7badac6f342ec93fca10de04a4d9b2893fa56
-
SHA512
3afee0f39b039b4551b77ea38029b5cef2aed7fd9db7f70bb8dd7a61e4abb4a5ec712bdfa92e3b20a8063db2440e4d13e1cf2547f59489d830b316563556fa99
-
SSDEEP
49152:rh5n9jt3/btUZhdrQ31JeuhO45Eg9wVwdOv:RFgrQ3j/g45Eg9wiOv
Static task
static1
Behavioral task
behavioral1
Sample
51ddbe4cbd6cf9e71ed36656961f62ac_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
51ddbe4cbd6cf9e71ed36656961f62ac_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
51ddbe4cbd6cf9e71ed36656961f62ac_JaffaCakes118
-
Size
2.1MB
-
MD5
51ddbe4cbd6cf9e71ed36656961f62ac
-
SHA1
d4515419337741285e9ddefa13c4ad02f8dea4dd
-
SHA256
b2fb69fe5a4d38d7c2ee4c2a9aa7badac6f342ec93fca10de04a4d9b2893fa56
-
SHA512
3afee0f39b039b4551b77ea38029b5cef2aed7fd9db7f70bb8dd7a61e4abb4a5ec712bdfa92e3b20a8063db2440e4d13e1cf2547f59489d830b316563556fa99
-
SSDEEP
49152:rh5n9jt3/btUZhdrQ31JeuhO45Eg9wVwdOv:RFgrQ3j/g45Eg9wiOv
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-