General
-
Target
6a0b7d61d26b7d35d7dd073ff7c6b39f_JaffaCakes118
-
Size
12.2MB
-
Sample
240523-hal8vagd9t
-
MD5
6a0b7d61d26b7d35d7dd073ff7c6b39f
-
SHA1
6d662f848047236a71d06e036bd29cceba4c456d
-
SHA256
a4a5d72aa2ec436ab2f2783d5fde68a0bd4f62f614a4521062a97b8bf4d67bae
-
SHA512
616dba068db408f752ff666a16fdd79228e631113e8b68da94d72ae6af3e75efd10d39a8153e185b12998dde8ee77625317b7692440ffef4fd6e680e62589ecb
-
SSDEEP
196608:5KDB+N3oP1HqwmJ8EHlfTCW6EW4simvlGAD7etbYPvbJQlH0CtWeZ8C4+HhNsouR:UZP1KwCteW6EW3imt1ekJQlUcBxu
Behavioral task
behavioral1
Sample
6a0b7d61d26b7d35d7dd073ff7c6b39f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6a0b7d61d26b7d35d7dd073ff7c6b39f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
6a0b7d61d26b7d35d7dd073ff7c6b39f_JaffaCakes118
Score
8/10
-
Sets service image path in registry
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-