General
-
Target
442d38dd58513f6a0de7da51976b4839_JaffaCakes118
-
Size
1.1MB
-
Sample
240714-ec5lesvhkp
-
MD5
442d38dd58513f6a0de7da51976b4839
-
SHA1
58676f0f25a6b7bed1f740e9c092570c4eb4d096
-
SHA256
9a541f72be5b468a4045c8dcefb9eb96ab1b1d864b51e3946b52544ff3078c22
-
SHA512
307047530d41fd9d6e48c782a60ef0f2bfd3c000e3168accf5515aa3ff177a1cd045a79288affe593d9373b9dd028e9d6887ad425c8d2b21ebef04036152c045
-
SSDEEP
24576:Do2nuQAXlNcyezFS8aFgwd8TD28I494VdwZYnYfoxRyUmItl:nnnANex76A94VdwAY0yAtl
Static task
static1
Behavioral task
behavioral1
Sample
442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/SKyptWbF
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
442d38dd58513f6a0de7da51976b4839_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2