General
Target: b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118
Size: 236KB
Sample: 240616-yz2b3awbla
MD5: b4fe51a46727b61c1f6e4fa7b5012837
SHA1: 9a513e9efc6ea9281b3df900e551d4108077832c
SHA256: 0eb64bdbcabb0ca927dd7fae97e2cabce438a63bcf72d19b4e8dd75ebadc8a88
SHA512: 9c8e4ff8b3941e8e4c5dd0af89b8a757b94abf48c32069653be59518bfdbd3db1c3ac1f53ef128634ad2461b2ae57f819231a4da15d7f657ee8375f7c2b2a9cb
SSDEEP: 3072:Qv5SYl6fCyKvEMcDHSHwirYFYNDwsdoBjSqkCo7u7ZmSrC1qJE/:QBF6KyCvlrYy8sdGmUo7u7wt0e
Static task: static1
Behavioral task: behavioral1
Sample: b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted: gozi
1000
musicvideotips.ru
musicvideoporntips.ru
exe_type: worker
Targets
Target: b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
Defense Evasion
- Hide Artifacts (1)
- Hidden Files and Directories (1)
- Modify Registry (3)