General
-
Target
924e5824014d9c8fc0eeb8ff7bad9d7d_JaffaCakes118
-
Size
679KB
-
Sample
240603-s5gxqacd56
-
MD5
924e5824014d9c8fc0eeb8ff7bad9d7d
-
SHA1
1e902c04f0cdbc9a96049a5713050474baf907d0
-
SHA256
1e064eb8c153c57a0b0d5c0d4a5e95195955c764044f46412ebb8c00040e1928
-
SHA512
099dc55d4d67fe3e4e4071a51371c4ef1e14c2347fedfa8643f8bd39a79740b610fbbb775cfad2a82168eff12f02d507c3fe5f81d88a3ad98418069673e8771a
-
SSDEEP
12288:XQXYPcOvIuaxg1ms5S1hq3JonqMxFGlWARHT2Pn:X53vTPckMh5UlWcCPn
Static task
static1
Behavioral task
behavioral1
Sample
924e5824014d9c8fc0eeb8ff7bad9d7d_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
924e5824014d9c8fc0eeb8ff7bad9d7d_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
924e5824014d9c8fc0eeb8ff7bad9d7d_JaffaCakes118
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-