General
Target: 96fd43b69a51f46341a4d484d932889e_JaffaCakes118
Size: 440KB
Sample: 240605-cszn1acb87
MD5: 96fd43b69a51f46341a4d484d932889e
SHA1: 7f850bd3c9ce83fcf3c9a99fd05ab7bd48c5ba08
SHA256: 75730d29517795356ca4bfd16f45e0e0dc971166ab377f3f218398a3ebb26278
SHA512: 0583e3fa005d75b0095be17d31cd040d4e3eb0ac5bd85e114f492ac41a3ba1369672137e21bdc439e36319ab2c6c7ab2e6dffbfa2a21f043d2710b2aba1a9256
SSDEEP: 6144:hcYPNS/ePNS/BRT7P1Fncp4sBZ5Alkj1JujzyMO5Hp5/32k:hlP/PAT7dte4qZ5rpoj+MOVph2k
Static task: static1
Behavioral task: behavioral1
  Sample: 96fd43b69a51f46341a4d484d932889e_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 96fd43b69a51f46341a4d484d932889e_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 96fd43b69a51f46341a4d484d932889e_JaffaCakes118
Size: 440KB
Score: 7/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext