General

Target: 6695e787f16834aba9284a71dbb79820_JaffaCakes118
Size: 245KB
Sample: 240522-j1dvtshc4s
MD5: 6695e787f16834aba9284a71dbb79820
SHA1: e6e8ec98c4461a9b30ef88a8ef62912558ecb79a
SHA256: 9b615cbd7e76bd7ba8eb200282d80eeb80acf6d7093b91eb539b61fe5f56f94d
SHA512: 54d70f84b4f5380afd7e06ae9fd159bb31b6eae426ab36e362b41621b96c8759cf8282b8e9f44c494d06de2406a915d9cb886e053f0d30b33715f5145aa41f1e
SSDEEP: 6144:9UE++GgnpJVavnLXjcKvgNclkJh5aY3+mr1:9zZGgdavnVvc5aYumr

Static task: static1
Behavioral task: behavioral1
Sample: 6695e787f16834aba9284a71dbb79820_JaffaCakes118.exe
Resource: win7-20240419-en

Malware Config

Extracted: gozi
  1000
  goliathuz.com
  musicvideoporntip3s.ru
  exe_type: worker
Targets

Target: 6695e787f16834aba9284a71dbb79820_JaffaCakes118
Size: 245KB
MD5: 6695e787f16834aba9284a71dbb79820
SHA1: e6e8ec98c4461a9b30ef88a8ef62912558ecb79a
SHA256: 9b615cbd7e76bd7ba8eb200282d80eeb80acf6d7093b91eb539b61fe5f56f94d
SHA512: 54d70f84b4f5380afd7e06ae9fd159bb31b6eae426ab36e362b41621b96c8759cf8282b8e9f44c494d06de2406a915d9cb886e053f0d30b33715f5145aa41f1e
SSDEEP: 6144:9UE++GgnpJVavnLXjcKvgNclkJh5aY3+mr1:9zZGgdavnVvc5aYumr

Signatures

Modifies Installed Components in the registry
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Deletes itself
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Modify Registry (3)
  Hide Artifacts (1)
    Hidden Files and Directories (1)