General
-
Target
05bf320994954329a3fd404d0d82fa62_JaffaCakes118
-
Size
136KB
-
Sample
240623-km6t5awdld
-
MD5
05bf320994954329a3fd404d0d82fa62
-
SHA1
7f46b22586acb7ea85bac546df8535864290febf
-
SHA256
075c3400a03685ae454d633c12c68fdb1908ee2383fa95a5dfc72421b4c8666e
-
SHA512
b355fe1d63696920dc548b9b3d616e7b7415a48d73bf1f49a460051af125ec51f2c0ee705926618aaf6cc40c7a2f2c0db8665b97bd083429ede28969f8436d46
-
SSDEEP
3072:YAzWS96CT5+8KRNlw5eXRS0uvB+bIJXo4y:jzV9JTM8K+5eY0u5+uXxy
Static task
static1
Behavioral task
behavioral1
Sample
05bf320994954329a3fd404d0d82fa62_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
05bf320994954329a3fd404d0d82fa62_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
tofsee
94.75.255.140
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
05bf320994954329a3fd404d0d82fa62_JaffaCakes118
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-