General

Target: 5a6f1e62b8443543418fe946cc21951c_JaffaCakes118
Size: 255KB
Sample: 240719-ew6ylawanf
MD5: 5a6f1e62b8443543418fe946cc21951c
SHA1: 4bb3dc57fd0dda3e85c3f156142d8670777336c5
SHA256: 231eebbfeac8480860af0aa2e57c275bf2c1e7fa26288fb1424cbbc9e261e69f
SHA512: e11fe0aa39137381a877c908b27b5bab0a0421109526462dffbd84b81c9ba47a756677e77d1e0ebf1555e407598d1205a006080174efb783606e5977fe8a92d8
SSDEEP: 6144:csGUGKYxh+tcgagqz1YXoZcNYXoZcNYXoZcNYX:LGUGdh+tcgbqz1YXoZcNYXoZcNYXoZca
Static task: static1

Behavioral task: behavioral1
Sample: 5a6f1e62b8443543418fe946cc21951c_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 5a6f1e62b8443543418fe946cc21951c_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted
Family: tofsee
C2: 31.210.119.2
C2: 188.165.132.183
C2: rgtryhbgddtyh.biz
C2: wertdghbyrukl.ch
Targets

Target: 5a6f1e62b8443543418fe946cc21951c_JaffaCakes118
Size: 255KB
Score: 10/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
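The following Python is an added example, not part of the sandbox report above, showing how a responder would turn the report's indicators into checks: it recomputes the four listed digests for a candidate file (all four must agree before a file is treated as this sample), scans log lines for the tofsee C2 hosts from the extracted config (matching a domain itself or any host beneath it), and flags registry writes under a Run/RunOnce key, the persistence behavior listed in the signatures. The hash values and C2 hosts are copied from the report; the log lines, registry paths and SID are constructed for illustration.

```python
"""Checks built from the indicators in the sandbox report above.

Hash values and C2 hosts are copied from the report; the sample log lines and
registry paths below are constructed for illustration only.
"""
import hashlib
import re

# Digests of 5a6f1e62b8443543418fe946cc21951c_JaffaCakes118 as listed in the report.
REPORT_HASHES = {
    "md5": "5a6f1e62b8443543418fe946cc21951c",
    "sha1": "4bb3dc57fd0dda3e85c3f156142d8670777336c5",
    "sha256": "231eebbfeac8480860af0aa2e57c275bf2c1e7fa26288fb1424cbbc9e261e69f",
    "sha512": "e11fe0aa39137381a877c908b27b5bab0a0421109526462dffbd84b81c9ba47a756677e77d1e0ebf1555e407598d1205a006080174efb783606e5977fe8a92d8",
}

# tofsee C2 hosts from the extracted config in the report.
C2_IPS = {"31.210.119.2", "188.165.132.183"}
C2_DOMAINS = {"rgtryhbgddtyh.biz", "wertdghbyrukl.ch"}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostnames: dot-separated labels ending in an alphabetic TLD (so bare IPs never match).
DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.IGNORECASE)
# Run and RunOnce keys under HKLM or a user hive, including the 32-bit view on 64-bit Windows.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists so each one can be compared."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when all four digests agree; a single mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def find_c2_hits(log_lines):
    """Return (line_number, indicator) for every line that touches a reported C2 host.

    A domain matches exactly or as the parent of the observed name (mail.<c2> counts).
    """
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for ip in IP_RE.findall(line):
            if ip in C2_IPS:
                hits.append((lineno, ip))
        for name in DOMAIN_RE.findall(line):
            name = name.lower().rstrip(".")
            for c2 in sorted(C2_DOMAINS):
                if name == c2 or name.endswith("." + c2):
                    hits.append((lineno, c2))
    return hits


def is_run_key_write(registry_path: str) -> bool:
    """Flag a registry write under Run/RunOnce, the 'Adds Run key' behavior in the report."""
    return RUN_KEY_RE.search(registry_path) is not None


# Constructed log lines (not from the report) mixing C2 traffic with a benign lookup.
SAMPLE_LOG_LINES = [
    "2024-07-19T10:01:02Z dns host=WIN7-PC qname=rgtryhbgddtyh.biz. qtype=A",
    "2024-07-19T10:01:03Z conn src=10.0.0.5 dst=31.210.119.2 dport=443 proto=tcp",
    "2024-07-19T10:01:04Z dns host=WIN7-PC qname=update.microsoft.com. qtype=A",
    "2024-07-19T10:01:05Z conn src=10.0.0.5 dst=188.165.132.183 dport=25 proto=tcp",
    "2024-07-19T10:01:06Z dns host=WIN7-PC qname=mail.wertdghbyrukl.ch. qtype=A",
]

# Constructed registry target paths (not from the report; the SID is made up).
SAMPLE_REGISTRY_WRITES = [
    r"HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\setup",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup",
]

if __name__ == "__main__":
    for lineno, indicator in find_c2_hits(SAMPLE_LOG_LINES):
        print(f"line {lineno}: C2 indicator {indicator}")
    for path in SAMPLE_REGISTRY_WRITES:
        print(("RUN KEY " if is_run_key_write(path) else "ok      ") + path)
    print("empty file matches report:", matches_report(b""))
```

Comparing all four digests rather than only MD5 matters because MD5 and SHA1 collisions are practical; for a real file, read it in binary mode and pass the bytes to matches_report. The domain check deliberately matches subdomains of a reported C2 so that a DNS log recording a host under the C2 zone is still flagged.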