General
Target: 1783e2beef4c8cbd1b7887f2804b1698_JaffaCakes118
Size: 133KB
Sample: 240627-zvl71s1amf
MD5: 1783e2beef4c8cbd1b7887f2804b1698
SHA1: 4ed87a4c967d82e914e24fc25c868572eb2263f9
SHA256: 27a96d1d3be59518333398b4796e733ea886a39d13b340916016a1a265982777
SHA512: 0dc1d3c1a516a85258dbb1815bb188f579e3c088b22e69c969e14baa024bf70b0e3ef8a443269f67d7a87e1760258ca4694e569fbe5e38bde0f081861e3f8d22
SSDEEP: 1536:Q74zUiEiGmPcf25I6hbCadtdAQAbPkAPlDTMhYzyvfQLmPtnTlbU:QpiaV+5HvtunPkA9TCYzyvfystnW
Static task: static1
Behavioral task: behavioral1
  Sample: 1783e2beef4c8cbd1b7887f2804b1698_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 1783e2beef4c8cbd1b7887f2804b1698_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted
tofsee
64.20.54.234
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
Target: 1783e2beef4c8cbd1b7887f2804b1698_JaffaCakes118
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext