General

Target: 9acfb27a482a0ac42cd9caf72a24545c_JaffaCakes118
Size: 352KB
Sample: 240610-qpx8naxbrb
MD5: 9acfb27a482a0ac42cd9caf72a24545c
SHA1: b8c2d6639427c9343383ce21eff355974ea550a4
SHA256: 5134552a33b485a25270b8b78068b22fb46ff20267f92f690ee31a2046b9297d
SHA512: edf966e22dba430d66718ae0a7cfc6d2b4c5b92a3eb8092872dbfb8221bc70bcb868c4a044e9323923582b3cb0d4580d7eb81201282119ff3a33c94995b9014f
SSDEEP: 6144:OqxxwoLIoklLgkgguVHkb/a3hftL4nzgvwZL:zldkl61VEb/a3BtL4nzgA
Static task: static1
Behavioral task: behavioral1 (sample 9acfb27a482a0ac42cd9caf72a24545c_JaffaCakes118.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample 9acfb27a482a0ac42cd9caf72a24545c_JaffaCakes118.exe, resource win10v2004-20240508-en)
Malware Config

Extracted
Family: tofsee
C2: 43.231.4.7
C2: lazystax.ru
Targets

Target: 9acfb27a482a0ac42cd9caf72a24545c_JaffaCakes118 (352KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10

Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
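The extracted config and the signature list above are the parts of this report an analyst actually hunts with. The script below is an added example, not the report's or Tria.ge's own code: it maps simplified host and network telemetry onto those signatures and IOCs. Assumptions: the event schema (Sysmon-style dicts plus an "api" channel standing in for a sandbox API trace) is invented for the example; every event in SAMPLE_EVENTS is constructed, and the dropped path `C:\Windows\svchost_upd.exe` is hypothetical; only the MD5, the C2 IP and the C2 domain come from the report. `HKCU\Control Panel\International\Geo\Nation` is the standard Windows store for the configured country, but the report does not name the key it observed, so treating it as the geofence lookup is an assumption. The ATT&CK ids for behaviours outside the report's own Persistence / Privilege Escalation mapping are the editor's assignments.

```python
"""Added example (not from the report or Tria.ge): map simplified telemetry onto
the behaviours and IOCs this report lists. The event schema (Sysmon-style dicts
plus an "api" channel for a sandbox API trace) is assumed, and every event in
SAMPLE_EVENTS is constructed; only the MD5, C2 IP and C2 domain are from the page."""
import re
from dataclasses import dataclass

SAMPLE_MD5 = "9acfb27a482a0ac42cd9caf72a24545c"   # report hash
C2_IPS = {"43.231.4.7"}                            # extracted Tofsee config
C2_DOMAINS = {"lazystax.ru"}

# ImagePath under Services is what "Sets service image path in registry" means.
# Geo\Nation is Windows' store for the configured country; the report does not
# name the key it saw, so treating it as the geofence lookup is an assumption.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
FIREWALL_CMD = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)
DEL_CMD = re.compile(r"\bdel\b", re.I)


@dataclass(frozen=True)
class Finding:
    signature: str  # report wording, or "IOC"
    technique: str  # ATT&CK id; ids beyond the report's own mapping are the editor's
    evidence: str


def classify(ev: dict) -> list[Finding]:
    """Signatures one event supports on its own (no cross-event state)."""
    hits: list[Finding] = []
    ch, eid = ev.get("channel"), ev.get("id")
    if ch == "sysmon" and eid == 1:  # process creation
        cmd, parent = ev.get("CommandLine", ""), ev.get("ParentImage", "")
        if SAMPLE_MD5.upper() in ev.get("Hashes", "").upper():
            hits.append(Finding("Sample hash match", "IOC", ev["Image"]))
        if FIREWALL_CMD.search(cmd):
            hits.append(Finding("Modifies Windows Firewall", "T1562.004", cmd))
        if DEL_CMD.search(cmd) and parent and parent.lower() in cmd.lower():
            hits.append(Finding("Deletes itself", "T1070.004", cmd))  # child deletes parent's image
    elif ch == "sysmon" and eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        if SERVICE_IMAGEPATH.match(target):
            hits.append(Finding("Sets service image path in registry", "T1543.003",
                                f"{target} = {ev.get('Details', '')}"))
    elif ch == "sysmon" and eid == 22:  # DNS query
        if ev.get("QueryName", "").lower().rstrip(".") in C2_DOMAINS:
            hits.append(Finding("C2 domain from extracted config", "IOC", ev["QueryName"]))
    elif ch == "sysmon" and eid == 3:  # network connection
        if ev.get("DestinationIp") in C2_IPS:
            hits.append(Finding("C2 IP from extracted config", "IOC", ev["DestinationIp"]))
    elif ch == "system" and eid == 7045:  # Service Control Manager: service installed
        hits.append(Finding("Creates new service(s)", "T1543.003",
                            f"{ev.get('ServiceName', '')} -> {ev.get('ImagePath', '')}"))
    elif ch == "api":  # sandbox API trace; registry reads are invisible to Sysmon
        api = ev.get("api", "")
        if api.startswith("RegQueryValueEx") and GEO_NATION.search(ev.get("key", "")):
            hits.append(Finding("Checks computer location settings", "T1614", ev["key"]))
        if api == "SetThreadContext" and ev.get("target_pid") != ev.get("pid"):
            hits.append(Finding("Suspicious use of SetThreadContext", "T1055.012",
                                f"pid {ev.get('pid')} -> pid {ev.get('target_pid')}"))
    return hits


def triage(events: list[dict]) -> dict[str, list[Finding]]:
    """Group findings by signature. First pass collects binaries registered as
    service images so a later launch of one can be tagged "Executes dropped EXE"."""
    service_images = set()
    for ev in events:
        if ev.get("channel") == "sysmon" and ev.get("id") == 13 \
                and SERVICE_IMAGEPATH.match(ev.get("TargetObject", "")):
            service_images.add(ev.get("Details", "").strip('"').lower())
        elif ev.get("channel") == "system" and ev.get("id") == 7045:
            service_images.add(ev.get("ImagePath", "").strip('"').lower())
    out: dict[str, list[Finding]] = {}
    for ev in events:
        findings = classify(ev)
        if ev.get("channel") == "sysmon" and ev.get("id") == 1 \
                and ev.get("Image", "").lower() in service_images:
            findings.append(Finding("Executes dropped EXE", "T1543.003", ev["Image"]))
        for f in findings:
            out.setdefault(f.signature, []).append(f)
    return out


SAMPLE = r"C:\Users\user\AppData\Local\Temp\9acfb27a482a0ac42cd9caf72a24545c_JaffaCakes118.exe"
DROPPED = r"C:\Windows\svchost_upd.exe"  # hypothetical dropped path, not from the report
SAMPLE_EVENTS = [  # constructed telemetry for illustration only
    {"channel": "sysmon", "id": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": SAMPLE, "Hashes": "MD5=9ACFB27A482A0AC42CD9CAF72A24545C"},
    {"channel": "api", "api": "RegQueryValueExW", "pid": 1234,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"channel": "sysmon", "id": 13, "Details": DROPPED,
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\svchost_upd\ImagePath"},
    {"channel": "system", "id": 7045, "ServiceName": "svchost_upd", "ImagePath": DROPPED},
    {"channel": "sysmon", "id": 1, "Image": DROPPED, "CommandLine": DROPPED,
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"channel": "sysmon", "id": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": DROPPED,
     "CommandLine": f'netsh advfirewall firewall add rule name="upd" dir=in action=allow program="{DROPPED}"'},
    {"channel": "api", "api": "SetThreadContext", "pid": 1234, "target_pid": 1500},
    {"channel": "sysmon", "id": 22, "QueryName": "lazystax.ru"},
    {"channel": "sysmon", "id": 3, "DestinationIp": "43.231.4.7", "DestinationPort": 443},
    {"channel": "sysmon", "id": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /c del "{SAMPLE}"'},
    {"channel": "sysmon", "id": 22, "QueryName": "www.microsoft.com"},  # benign, must not match
]
```

Calling `triage(SAMPLE_EVENTS)` returns one entry per signature in the report's list plus the three IOC hits; the benign DNS query produces nothing. Two design points worth keeping: the self-delete check requires the deleted path to be the parent's own image rather than any `del`, and "Executes dropped EXE" is derived from state (a binary first registered as a service image, then launched) rather than from a single event, which is what separates it from ordinary process creation noise.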
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (2): Windows Service, T1543.003 (2)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (2): Windows Service, T1543.003 (2)