General

Target: 4848315a2917b333b8436587626fc48f_JaffaCakes118
Size: 255KB
Sample: 240715-fe312s1flg
MD5: 4848315a2917b333b8436587626fc48f
SHA1: 1c16c844bb29176162ca17936386cc49c91e6abc
SHA256: 0a3cef3d7f5560ef2cf025e2b9976e90fd3ee9da43f3f7a6a375d1707b0ce7fe
SHA512: af3d71a6f55e2c68f640c12faeefdca463d5929ef0a0b822bb270935f5af793afa5bf03b10dc426177b98f3d9e8cc6fe0efec6a6cef13f96062c2db6cdb98438
SSDEEP: 3072:0Em2GULHi0lnccicMhW7R4dtiTMQBZFEcNBZFEvNBZFEcNBZG:0sGUuecczMhWvT
Static task: static1

Behavioral task: behavioral1
  Sample: 4848315a2917b333b8436587626fc48f_JaffaCakes118.exe
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: 4848315a2917b333b8436587626fc48f_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted family: tofsee
C2:
- 31.210.119.2
- 188.165.132.183
- rgtryhbgddtyh.biz
- wertdghbyrukl.ch
Targets

Target: 4848315a2917b333b8436587626fc48f_JaffaCakes118
Score: 10/10

Signatures:
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext