General
-
Target
8af1ce5d6c752384f75cfcbdd64a3a0e_JaffaCakes118
-
Size
365KB
-
Sample
240601-s7ym9age83
-
MD5
8af1ce5d6c752384f75cfcbdd64a3a0e
-
SHA1
ed0fbee2891faeaad9d00bf12db970c8631ea5df
-
SHA256
18983672df35273826ce71d6abdd66ec69f95b4b315b2e10b1d3836ee4c52ea8
-
SHA512
b6107ffe6f9c00bbf8175058c8b37f462c87428221d857a56b71c58ec27283e979d505df706ca20892413fcbfffbfa3307a9553641d2ffb2bf3b9e85cf77c1f5
-
SSDEEP
6144:Y4/aPvK/KImIOkxts7FM7hi4eqT3yd5+wBcfWFkzJe6o0G:x/AvKSImrkxkM7hPO5+wefWFk9e6
Static task
static1
Behavioral task
behavioral1
Sample
8af1ce5d6c752384f75cfcbdd64a3a0e_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
8af1ce5d6c752384f75cfcbdd64a3a0e_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
8af1ce5d6c752384f75cfcbdd64a3a0e_JaffaCakes118
-
Size
365KB
-
MD5
8af1ce5d6c752384f75cfcbdd64a3a0e
-
SHA1
ed0fbee2891faeaad9d00bf12db970c8631ea5df
-
SHA256
18983672df35273826ce71d6abdd66ec69f95b4b315b2e10b1d3836ee4c52ea8
-
SHA512
b6107ffe6f9c00bbf8175058c8b37f462c87428221d857a56b71c58ec27283e979d505df706ca20892413fcbfffbfa3307a9553641d2ffb2bf3b9e85cf77c1f5
-
SSDEEP
6144:Y4/aPvK/KImIOkxts7FM7hi4eqT3yd5+wBcfWFkzJe6o0G:x/AvKSImrkxkM7hPO5+wefWFk9e6
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-