General
-
Target
6b0241a7c15a54f66ef753d8a6cdfb49_JaffaCakes118
-
Size
524KB
-
Sample
240523-p56pasbd95
-
MD5
6b0241a7c15a54f66ef753d8a6cdfb49
-
SHA1
77934b75c9772140fddf10b051134582b0609665
-
SHA256
cfa74acf53afaa2fd61de7ef079cdc4a33dbff99c9f4a93d49570d4aaf52b8e2
-
SHA512
ea92a80b221721c37cf643c17d8c4251109314cfff85f454c5b6be5055e3a1ffc0a5466b79329147745fa737d3559169565cb64e5333b7e4e2477175e3f80867
-
SSDEEP
12288:KgIdCFdSZHZZQEnI0qoXKvawR0driSKUdWLlERv3NyvJqD:BYYSZ5ZQNiKvawRpAdQER/NyvED
Static task
static1
Behavioral task
behavioral1
Sample
6b0241a7c15a54f66ef753d8a6cdfb49_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6b0241a7c15a54f66ef753d8a6cdfb49_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
6b0241a7c15a54f66ef753d8a6cdfb49_JaffaCakes118
-
Score
10/10
-
XMRig Miner payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-