General
-
Target
127d59e896105a4ca97bc280f568dcb0_JaffaCakes118
-
Size
1.1MB
-
Sample
240626-szkfnatdql
-
MD5
127d59e896105a4ca97bc280f568dcb0
-
SHA1
0a20354cb57ef1d58c4e7c51e24599a5fba172d0
-
SHA256
3483fc2b3d3897609a3c0374f863ebf6b1c7088ce6ecfa4b4d4db81b8d39edca
-
SHA512
110e78f265e09f0d49990a069ef3023c448c8acfebb127be8a1d2aa35176a1a3a31992a7a83ac34555e2e354fa42a5de232ff24e96ca0ce4cad350919f019ff2
-
SSDEEP
24576:SBY/jbLgH/8HM7wv11Coaz7iVW8MilGe05QiwJ0M5QFV:Nak5vzC1iM5icKi38Qj
Static task
static1
Behavioral task
behavioral1
Sample
127d59e896105a4ca97bc280f568dcb0_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
127d59e896105a4ca97bc280f568dcb0_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
127d59e896105a4ca97bc280f568dcb0_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-