General
-
Target
705c2b13d5d0caab530fd164f5c42737_JaffaCakes118
-
Size
1.2MB
-
Sample
240525-bayhjsgh2v
-
MD5
705c2b13d5d0caab530fd164f5c42737
-
SHA1
95a01b3175fd001181d7934179080cad1b7d165a
-
SHA256
29f4f70a0293a42dde5344c9089268aa902b9ac36615d4e37aea86d40b25c50b
-
SHA512
203ccd063a3e2ed0a1e7d4a3f39d011961d6b59da82ce360b1e2fce94ca57ef14f15c3497e6ced341d5a7e94804f4fd29cb9ff690c00f36656eb3744a99b1396
-
SSDEEP
24576:eu6Jx3O0c+JY5UZ+XC0kGso/WachULZRAD2UQkc1WY:wI0c++OCvkGsUWachU8ijktY
Static task
static1
Behavioral task
behavioral1
Sample
705c2b13d5d0caab530fd164f5c42737_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
Family
nanocore
Version
1.2.2.0
C2 (primary_connection_host:connection_port)
185.244.30.102:2040
Mutex
cf9afa33-7d4e-4680-83ad-5c3f554b3cdb
-
activate_away_mode
true
-
backup_connection_host
185.244.30.102
-
backup_dns_server
84.200.70.40
-
buffer_size
65535
-
build_time
2019-09-27T17:28:08.514592736Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
2040
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
cf9afa33-7d4e-4680-83ad-5c3f554b3cdb
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
185.244.30.102
-
primary_dns_server
84.200.69.80
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
705c2b13d5d0caab530fd164f5c42737_JaffaCakes118
-
Size
1.2MB
-
MD5
705c2b13d5d0caab530fd164f5c42737
-
SHA1
95a01b3175fd001181d7934179080cad1b7d165a
-
SHA256
29f4f70a0293a42dde5344c9089268aa902b9ac36615d4e37aea86d40b25c50b
-
SHA512
203ccd063a3e2ed0a1e7d4a3f39d011961d6b59da82ce360b1e2fce94ca57ef14f15c3497e6ced341d5a7e94804f4fd29cb9ff690c00f36656eb3744a99b1396
-
SSDEEP
24576:eu6Jx3O0c+JY5UZ+XC0kGso/WachULZRAD2UQkc1WY:wI0c++OCvkGsUWachU8ijktY
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-