General
-
Target
21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118
-
Size
2.8MB
-
Sample
240703-gefq7azelg
-
MD5
21434ba1af9e80e0bb9d4e49e643d269
-
SHA1
c460ce1a3fd7c3c5af78ab01a18bc62bcf3a8c8b
-
SHA256
aa79d46aa459af0d46da380af6481f51369da4c4080a009028e83857dcd844f2
-
SHA512
012a96b51ee1cefa86c0bfca56f0fe2a0e3d7ec061fa6868184234338dd5f2329bc0de2298d4a782c3e2bdb4bd665fd373adad6f28f26c2c6439972280d9d7b8
-
SSDEEP
49152:AS4o6fCn0IO2N7Sb/h0vQV2vMHZYd6GZC+8qBBVRlEt73LfsL6kVOSo3dAf2doBn:AG0aw/8HWZY/A+8qvfli7fsLHgSw7G5P
Static task
static1
Behavioral task
behavioral1
Sample
21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
AmazonGamesSetup.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
AmazonGamesSetup.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
LIXVoWXPPCyc5Jy.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
LIXVoWXPPCyc5Jy.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
bitrat
1.34
curtisusa.hopto.org:5215
-
communication_password
ee342c2505c08512ed898d3855498f1a
-
tor_process
tor
Targets
-
-
Target
21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118
-
Size
2.8MB
-
MD5
21434ba1af9e80e0bb9d4e49e643d269
-
SHA1
c460ce1a3fd7c3c5af78ab01a18bc62bcf3a8c8b
-
SHA256
aa79d46aa459af0d46da380af6481f51369da4c4080a009028e83857dcd844f2
-
SHA512
012a96b51ee1cefa86c0bfca56f0fe2a0e3d7ec061fa6868184234338dd5f2329bc0de2298d4a782c3e2bdb4bd665fd373adad6f28f26c2c6439972280d9d7b8
-
SSDEEP
49152:AS4o6fCn0IO2N7Sb/h0vQV2vMHZYd6GZC+8qBBVRlEt73LfsL6kVOSo3dAf2doBn:AG0aw/8HWZY/A+8qvfli7fsLHgSw7G5P
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
AmazonGamesSetup.exe
-
Size
1.8MB
-
MD5
02be3726c0a90958a3c30577d3b3a131
-
SHA1
bedbab8bd74a9d7313ba32ca033c81ec32c04706
-
SHA256
1a99f1054e51fe86416c59e5c526d69776fdabd7bb9831dbaab8582322121c7a
-
SHA512
662eaa8d3b112ef981d27832a2a46b0ecb55e2d1dcf49fe1fbd134e3c4e02758bc9ad3db2e25f53fc174e2083dd278967f405a768fdd814612c9a43bc6d1c713
-
SSDEEP
49152:G/mvl+01HHWra6IjgKDlUzIzsBKLxYqJKevCnuueO+0D17gM8s:bvUAnWrBq1ABzH
Score6/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
LIXVoWXPPCyc5Jy.exe
-
Size
2.5MB
-
MD5
cef6d09b553a93f81942da9838b1ac57
-
SHA1
c32fbf54b54dadabbae600645c417c163234daf5
-
SHA256
d9aa21479a1a55d57839aee6310cd6853b2bc5215337aa72316a96f7be7ff3e5
-
SHA512
05ed612b7d2e14b034a391d45b578e0eda2b52be3b8eeccb3534872de61d05d95b4b3e7f10bfa01ef6913d29a24404c8cf635c804f9fbe2820321078d1007928
-
SSDEEP
49152:SoSto6fCl0KeaNs68/bXvlM28MTVTc6hhCkJNV8VicCFiO1:S9+0P9/rBRVTpIkJN+YcLO
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-