General
Target: 228ba403b156f13f60ec39a0072329e5_JaffaCakes118
Size: 11.4MB
Sample: 240703-qys1aszajg
MD5: 228ba403b156f13f60ec39a0072329e5
SHA1: 8230053a7c4821d017611ab010611b348a8e2a28
SHA256: d98a54b16d8ca038eac0ff89f08c054877975660f0104747a5d717d8c6668037
SHA512: 0ce127888ae89259fe88430a4b77016e4cb6b2b5d1a99d3bb59a35c51c1d9aca3560f67a8ea57b023e183ad0b365fb395dddae7611db0daa814bc4c48b1c0e52
SSDEEP: 196608:bffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff/:
Static task: static1
Behavioral task: behavioral1
  Sample: 228ba403b156f13f60ec39a0072329e5_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 228ba403b156f13f60ec39a0072329e5_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted family: tofsee
C2 hosts from the extracted config: defeatwax.ru, refabyd.info
Targets
Target: 228ba403b156f13f60ec39a0072329e5_JaffaCakes118
Size: 11.4MB
Signatures
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (an API commonly used for thread hijacking and process hollowing style injection)
MITRE ATT&CK Enterprise v15 (number of matched signatures per technique in parentheses)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
- Event Triggered Execution (1): Netsh Helper DLL (1)
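The behaviours and ATT&CK techniques listed above translate directly into host telemetry hunts. The script below is an added example, not part of this sandbox report and not the sandbox vendor's own signature code: it checks a file's hashes against the report's IOCs and runs a handful of rules over Sysmon-style event records (EventID 1 process create, 11 file create, 13 registry value set, 22 DNS query) plus the System log's 7045 service-install event, flagging service creation outside the system directories, a service ImagePath pointing outside them, Run-key and NetSh helper registrations, netsh firewall changes, a dropped EXE being executed, a self-delete via cmd.exe, and DNS lookups of the extracted Tofsee C2 hosts. The hashes and domains are copied from the report; the service name, paths and record numbers in SAMPLE_EVENTS are constructed.

```python
"""Hunt for the behaviours and IOCs listed in the sandbox report.

Added example, not the sandbox vendor's signature code. Events are plain
dicts keyed by Sysmon field names (EventID 1 process create, 11 file create,
13 registry value set, 22 DNS query) plus the System log's 7045 service
install. Hashes and C2 domains are copied from the report; everything in
SAMPLE_EVENTS (service name, paths, record numbers) is constructed.
"""
import hashlib
import re
from typing import Iterable

REPORT_HASHES = {
    "md5": "228ba403b156f13f60ec39a0072329e5",
    "sha1": "8230053a7c4821d017611ab010611b348a8e2a28",
    "sha256": "d98a54b16d8ca038eac0ff89f08c054877975660f0104747a5d717d8c6668037",
}
TOFSEE_C2 = {"defeatwax.ru", "refabyd.info"}

# Registry locations behind the report's ATT&CK mapping.
SERVICE_IMAGE_PATH = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)
RUN_KEY = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
NETSH_HELPER = re.compile(r"\\software\\microsoft\\netsh\\", re.I)
# Service binaries living outside these directories deserve a look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def hash_matches(data: bytes) -> list[str]:
    """Return the names of the report's hashes that `data` reproduces."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [name for name, want in REPORT_HASHES.items() if digests[name] == want]


def _outside_system_dirs(path: str) -> bool:
    # Service image paths are often quoted and may carry arguments.
    return not path.lower().strip('"').startswith(SYSTEM_DIRS)


def match_events(events: Iterable[dict]) -> list[tuple[str, int]]:
    """Return (rule, RecordNumber) pairs for every rule an event trips.

    'executes_dropped_exe' correlates a Sysmon 11 FileCreate with a later
    Sysmon 1 whose Image is that file, so events must be in log order.
    """
    hits = []
    dropped_exes = set()
    for ev in events:
        eid, rec = ev["EventID"], ev["RecordNumber"]
        if eid == 11:
            if ev["TargetFilename"].lower().endswith(".exe"):
                dropped_exes.add(ev["TargetFilename"].lower())
        elif eid == 1:
            image = ev["Image"].lower()
            cmd = ev.get("CommandLine", "").lower()
            parent = ev.get("ParentImage", "").lower()
            if image in dropped_exes:
                hits.append(("executes_dropped_exe", rec))
            if image.endswith("\\netsh.exe") and "firewall" in cmd and (
                " add " in cmd or " set " in cmd
            ):
                hits.append(("modifies_windows_firewall", rec))
            # Self-deletion heuristic: a cmd.exe child whose 'del' target is
            # the parent's own image path.
            if image.endswith("\\cmd.exe") and "del " in cmd and parent and parent in cmd:
                hits.append(("deletes_itself", rec))
        elif eid == 13:
            key = ev["TargetObject"]
            if SERVICE_IMAGE_PATH.search(key) and _outside_system_dirs(ev.get("Details", "")):
                hits.append(("sets_service_image_path", rec))
            if RUN_KEY.search(key):
                hits.append(("run_key_persistence", rec))
            if NETSH_HELPER.search(key):
                hits.append(("netsh_helper_dll", rec))
        elif eid == 22:
            if ev["QueryName"].lower().rstrip(".") in TOFSEE_C2:
                hits.append(("tofsee_c2_dns", rec))
        elif eid == 7045 and _outside_system_dirs(ev["ImagePath"]):
            hits.append(("creates_new_service", rec))
    return hits


TMP = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [  # constructed records, in log order
    {"EventID": 11, "RecordNumber": 1, "TargetFilename": TMP + "droppedsvc.exe"},
    {"EventID": 1, "RecordNumber": 2, "Image": TMP + "droppedsvc.exe",
     "CommandLine": TMP + "droppedsvc.exe", "ParentImage": TMP + "sample.exe"},
    {"EventID": 7045, "RecordNumber": 3, "ServiceName": "droppedsvc",
     "ImagePath": '"' + TMP + 'droppedsvc.exe"'},
    {"EventID": 13, "RecordNumber": 4,
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\droppedsvc\\ImagePath",
     "Details": TMP + "droppedsvc.exe"},
    {"EventID": 1, "RecordNumber": 5, "Image": "C:\\Windows\\System32\\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="'
     + TMP + 'droppedsvc.exe"', "ParentImage": TMP + "droppedsvc.exe"},
    {"EventID": 22, "RecordNumber": 6, "QueryName": "defeatwax.ru"},
    {"EventID": 1, "RecordNumber": 7, "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": 'cmd.exe /c del "' + TMP + 'sample.exe"', "ParentImage": TMP + "sample.exe"},
    # Benign controls: a Microsoft service from System32 and an unrelated lookup.
    {"EventID": 7045, "RecordNumber": 8, "ServiceName": "WSearch",
     "ImagePath": "C:\\Windows\\System32\\SearchIndexer.exe /Embedding"},
    {"EventID": 22, "RecordNumber": 9, "QueryName": "www.example.com"},
]

if __name__ == "__main__":
    for rule, rec in match_events(SAMPLE_EVENTS):
        print(f"record {rec}: {rule}")
```

Two of the report's signatures have no rule here on purpose: Sysmon does not log registry reads, so the country-code lookup behind the geofence signature is only visible in a sandbox API trace, and the SetThreadContext call needs API-level or EDR telemetry (or a Sysmon ProcessAccess event with suspicious GrantedAccess) rather than the event types above.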