General

Target: 56213a6487ab2bccbc59e7e87aabff95_JaffaCakes118
Size: 133KB
Sample: 240718-e1qgeavelm
MD5: 56213a6487ab2bccbc59e7e87aabff95
SHA1: 40748ef8241587c207311160e9d1115e0bb4c374
SHA256: 4270d9f809d18daa8f77b828246d5d2130dcd899e20656cfe0bff05332db991e
SHA512: c8c60671d23ad59dc7dd7dd7f02ee6988904bc9d72a162ac68b2e9e43da8f7ca13ddc9d49e81686840ae2776ba1b8f37fddc3705c6d9f7a1acba9da871d5cc3d
SSDEEP: 1536:FnTcqpP5uH0gP2r5zMiqCWQ6Q/GeFiIc7tnE0sPST6Q1:FnTcs5fxr5zMVwrwtnE0saD
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 56213a6487ab2bccbc59e7e87aabff95_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 56213a6487ab2bccbc59e7e87aabff95_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted family: tofsee
C2 addresses extracted from the sample's configuration:
- 64.20.54.234
- rgtryhbgddtyh.biz
- wertdghbyrukl.ch
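The three extracted values above are the actionable output of this report: they can be matched against DNS and connection logs, and the hashes under General can be used to confirm whether a file found on a host is this exact sample. The script below is an added example written for this page, not part of the sandbox report or of any tooling the report is produced by. The indicator values and hashes are taken verbatim from the report; the log lines and their "timestamp client type detail" layout are constructed for the demonstration and are not real logs.

```python
"""Match the Tofsee indicators from the report against hashes and log lines.

Added example (not part of the sandbox report). Indicator values are the
report's; the log format and log lines below are constructed.
"""
import hashlib
import re

# C2 indicators listed in the report's Malware Config.
C2_IPS = {"64.20.54.234"}
C2_DOMAINS = {"rgtryhbgddtyh.biz", "wertdghbyrukl.ch"}

# File hashes listed in the report's General section.
SAMPLE_HASHES = {
    "md5": "56213a6487ab2bccbc59e7e87aabff95",
    "sha1": "40748ef8241587c207311160e9d1115e0bb4c374",
    "sha256": "4270d9f809d18daa8f77b828246d5d2130dcd899e20656cfe0bff05332db991e",
}

# Constructed log excerpt (assumed "timestamp client type detail" layout,
# not a real log source). Lines 2, 3 and 4 touch report indicators.
SAMPLE_LOG = """\
2024-07-18T10:01:02Z 10.0.0.5 dns A www.example.com
2024-07-18T10:01:07Z 10.0.0.5 dns A rgtryhbgddtyh.biz
2024-07-18T10:01:09Z 10.0.0.5 conn tcp 64.20.54.234:443
2024-07-18T10:02:11Z 10.0.0.9 dns A mail.wertdghbyrukl.ch
2024-07-18T10:02:15Z 10.0.0.9 conn tcp 93.184.216.34:443
"""

# Hostnames need an alphabetic top-level label, so dotted IPs do not match here.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def domain_matches(hostname, watchlist):
    """True if hostname equals, or is a subdomain of, a watchlisted domain.

    Suffix matching catches hosts such as mail.<c2-domain> that an exact
    string comparison would miss.
    """
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)


def scan_log(text, ips=C2_IPS, domains=C2_DOMAINS):
    """Return (line_number, indicator) for every log line touching a C2 indicator."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for ip in IP_RE.findall(line):
            if ip in ips:
                hits.append((number, ip))
        for host in DOMAIN_RE.findall(line):
            if domain_matches(host, domains):
                hits.append((number, host))
    return hits


def hash_bytes(data):
    """Compute md5, sha1 and sha256 of the given bytes in one pass."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for h in digests.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in digests.items()}


def hash_file(path, chunk_size=1 << 20):
    """Compute md5, sha1 and sha256 of a file without reading it all at once."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def matches_sample(digests, expected=SAMPLE_HASHES):
    """True only if every algorithm agrees with the report's hashes.

    Requiring all three to agree means a single-algorithm collision
    cannot produce a false positive.
    """
    return all(digests.get(name) == value for name, value in expected.items())


if __name__ == "__main__":
    for number, indicator in scan_log(SAMPLE_LOG):
        print(f"line {number}: matched C2 indicator {indicator}")
    # To check a suspect file: matches_sample(hash_file("suspect.exe"))
```

Run it as-is to see the three constructed log lines that touch the extracted indicators flagged; to check a file on disk, pass its path to `hash_file` and feed the result to `matches_sample`. When adding these to a production watchlist, treat the IP with more caution than the domains, since shared hosting can make a single address noisier than attacker-registered domains.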
Targets

Target: 56213a6487ab2bccbc59e7e87aabff95_JaffaCakes118
Size: 133KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext