General
Target: 715d071a8f0a8552a002d6347a52e13a_JaffaCakes118
Size: 268KB
Sample: 240525-j6nl8abd3z
MD5: 715d071a8f0a8552a002d6347a52e13a
SHA1: b093a35a0b2faff292e497b6f4b0b4ef45d3376f
SHA256: f7d8c91adc09d8fee7aef8ab5e0f5a0f0006e77da858317913196983376ab448
SHA512: 729666be58aa195c28d89e11e28f6c7c514324a496f4726e593efad51b46c6d5116890afeb2b0e127cf1cdcbbac0f16ed1a1f972365e6dcf4fdfd8e595556495
SSDEEP: 6144:KxxVTj+/q0bykF+hS/e2bm3y+7C30/VFB7koPM4GMMhhGtED0:AeiWykF+PlyVsXDUD0
Static task: static1
Behavioral task: behavioral1
Sample: 715d071a8f0a8552a002d6347a52e13a_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 715d071a8f0a8552a002d6347a52e13a_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: C:\Users\Admin\Desktop\_READ_THI$_FILE_RV7GEK_.txt
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_READ_THI$_FILE_Y3Q20_.txt
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_READ_THI$_FILE_OUNO_.hta
cerber
Targets
Target: 715d071a8f0a8552a002d6347a52e13a_JaffaCakes118
Score: 10/10
- Blocklisted process makes network request
- Contacts a large (1095) amount of remote hosts. This may indicate a network scan to discover remotely running services.
- Modifies Windows Firewall
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Drops file in System32 directory
- Sets desktop wallpaper using registry