General
Target: ba278ec040eb5df044a5baf5ca95fb2f_JaffaCakes118
Size: 988KB
Sample: 240617-3qe5paygld
MD5: ba278ec040eb5df044a5baf5ca95fb2f
SHA1: 2cd4a508be34ec1be76e47c6891bbfcd579bc9b6
SHA256: d90dc3f22cc7bd92f22bafa9d77b0e373849386eae57606b42239f915357084a
SHA512: 9e1a4d7c8af370a625e11703730dcc599a5a8622f876f14d41b5678f014da5521944758847f87e96c8e89224272060d2d07ec37ad3b8b78040cbcab5cd9e7eb2
SSDEEP: 12288:g5ZgdOO/46Dn2+wtP4KuHOWhEaApq0SMFqYOHNhBTgfikOL7pHvjJ5Jw8q1Dfkla:gPE/ytHuu8oSwe3BTrfJrvO8q1Bf
Static task: static1
Behavioral task: behavioral1
  Sample: ba278ec040eb5df044a5baf5ca95fb2f_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: ba278ec040eb5df044a5baf5ca95fb2f_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: ba278ec040eb5df044a5baf5ca95fb2f_JaffaCakes118 (size and hashes as listed under General)
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext