General

Target: 517123fcc7badee52a30705f4cdaf630_JaffaCakes118
Size: 13.6MB
Sample: 240717-ezheeavhqm
MD5: 517123fcc7badee52a30705f4cdaf630
SHA1: f67f1cd917f8f5aee2d3577c73362afc124221f2
SHA256: 5e39aee1e32aadd42e1def5fd7f89386978c7bf73ae2d873e4eeb55b13fdaa2c
SHA512: 0ba2ce07b6c90b0852262fd59b2643956dd92deb66339f9fc17cddc3fd600984c7056620eb01e05a6ee1076c761cd35bb2682462189dc083a6fba2ef5de6aba2
SSDEEP: 196608:7XPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPH:7
Static task: static1

Behavioral task: behavioral1
Sample: 517123fcc7badee52a30705f4cdaf630_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 517123fcc7badee52a30705f4cdaf630_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted: tofsee
  defeatwax.ru
  refabyd.info
Targets

Target: 517123fcc7badee52a30705f4cdaf630_JaffaCakes118
Size: 13.6MB

- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)