General
Target: 6f6df11c0814860cc5a4fe7a9db87cc9_JaffaCakes118
Size: 321KB
Sample: 240524-w1gypseh77
MD5: 6f6df11c0814860cc5a4fe7a9db87cc9
SHA1: 539bbcc5ec63af4255a65e20ffb1352338cf41d2
SHA256: 304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
SHA512: 82bf7779e05bd6a734e51747f8fa8f879853c9869f88ecc0f7bf6bf13aeacdd47e7c506b9dde688c955c1f688f2889f8a8c92d263fcb411ec8663a43fe6ce31c
SSDEEP: 6144:Fy9xbRMPI1qIELTUbTvfjstzx6UqUxaUWEN:Fwi
Static task: static1
Behavioral task: behavioral1
Sample: 6f6df11c0814860cc5a4fe7a9db87cc9_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Targets
Target: 6f6df11c0814860cc5a4fe7a9db87cc9_JaffaCakes118
Contains code to disable Windows Defender: A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Modifies security service
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext