General
Target: 5493970c06b98da67f686ecce0b32216_JaffaCakes118
Size: 10.9MB
Sample: 240717-ytmayszerh
MD5: 5493970c06b98da67f686ecce0b32216
SHA1: d7d319a8ab82614061b4e6baacae669abad81bc9
SHA256: 3e126f15e4c7dbfee20721b323e5788742c63d9935e8eb6a01b432df3ff17a2c
SHA512: f845799e953300b0223b2325af61b105bb85eddf1c95d87a33f64601870a99b05341b47418be2831a871e05c08ae0cafa075dbdb1f0ea51c9945fc5f77f7e34e
SSDEEP: 196608:a5qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqX:a
Static task: static1
Behavioral task: behavioral1
  Sample: 5493970c06b98da67f686ecce0b32216_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 5493970c06b98da67f686ecce0b32216_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: tofsee
  defeatwax.ru
  refabyd.info
Targets
Target: 5493970c06b98da67f686ecce0b32216_JaffaCakes118
Size: 10.9MB
MD5: 5493970c06b98da67f686ecce0b32216
SHA1: d7d319a8ab82614061b4e6baacae669abad81bc9
SHA256: 3e126f15e4c7dbfee20721b323e5788742c63d9935e8eb6a01b432df3ff17a2c
SHA512: f845799e953300b0223b2325af61b105bb85eddf1c95d87a33f64601870a99b05341b47418be2831a871e05c08ae0cafa075dbdb1f0ea51c9945fc5f77f7e34e
SSDEEP: 196608:a5qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqX:a
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)