General
Target: 4d22cfac14da3907e94b3825ac4875b5_JaffaCakes118
Size: 116KB
Sample: 240716-g2xyzs1fmb
MD5: 4d22cfac14da3907e94b3825ac4875b5
SHA1: 4cb321980a55116ba0d35b21aaf1fe7e08250e70
SHA256: e01a285adbb9fd9e374eb939ae1f0685a10e2ceb480d8e8b88c88575c0a5b698
SHA512: 8a20b57040873d11aa35cf3dbd8d25888cd7dc0ff3577697f085b6d96e00b4a04b2f0b52950dd90f45883cfb382fffde4c8cad9dbec9e72710e702847f9c2733
SSDEEP: 3072:2x7XWKnCVQPF2UnX2mkpzT2qWWYQhRrKH:28KCy/nVkBdDx
Static task: static1
Behavioral task: behavioral1
Sample: 4d22cfac14da3907e94b3825ac4875b5_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted
limerat
aes_key: killisrael
antivm: false
c2_url: https://pastebin.com/raw/v9J7B6vz
delay: 3
download_payload: false
install: true
install_name: killisrael.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/v9J7B6vz
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2