General
-
Target
5b4966b97a3e3979116e52661911d864_JaffaCakes118
-
Size
922KB
-
Sample
240519-y5gvlsgb8y
-
MD5
5b4966b97a3e3979116e52661911d864
-
SHA1
dfd59d35031a179590e5ad0c62af4a3ad258809a
-
SHA256
520a9841c77609dc1c87d0cc7e8ca7ac4e36fb9a78c4401e056c12585ceaec04
-
SHA512
a1c5abc309def3522556bfc43b75f3d6fd63f861e6070c2483e1cffa0de019a098c63e4fcba0488b94eaa879eb9298113c31c5378cf633ad06847fcde364a94f
-
SSDEEP
24576:f2O/GlVZNLG62ZnMCpdfnwYiOxNOCLs2lQlZP69/:cZsdPoYPuri9/
Static task
static1
Behavioral task
behavioral1
Sample
5b4966b97a3e3979116e52661911d864_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
5b4966b97a3e3979116e52661911d864_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
nanocore
1.2.2.0
kgentle77.hopto.org:58887
1515e7d6-0e18-4f91-8b5b-e41fb83e4640
-
activate_away_mode
true
-
backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-07-11T13:50:06.165219536Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
58887
-
default_group
kgentle
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
1515e7d6-0e18-4f91-8b5b-e41fb83e4640
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
kgentle77.hopto.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
5b4966b97a3e3979116e52661911d864_JaffaCakes118
-
Size
922KB
-
MD5
5b4966b97a3e3979116e52661911d864
-
SHA1
dfd59d35031a179590e5ad0c62af4a3ad258809a
-
SHA256
520a9841c77609dc1c87d0cc7e8ca7ac4e36fb9a78c4401e056c12585ceaec04
-
SHA512
a1c5abc309def3522556bfc43b75f3d6fd63f861e6070c2483e1cffa0de019a098c63e4fcba0488b94eaa879eb9298113c31c5378cf633ad06847fcde364a94f
-
SSDEEP
24576:f2O/GlVZNLG62ZnMCpdfnwYiOxNOCLs2lQlZP69/:cZsdPoYPuri9/
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-