General
Target: 5ba0845ff3f7f12479a59e063d201db3_JaffaCakes118
Size: 140KB
Sample: 240719-myh9ba1aqe
MD5: 5ba0845ff3f7f12479a59e063d201db3
SHA1: bb9e1b5656e76f43cb55da49981b6b66c3f59ec5
SHA256: c63956f492ac0e6d79a7751945c573fa475f502ff8482461a52bdc2376c1f771
SHA512: 11a19687c3afd02ed2904dacbbbbb6d9d4336435aed049eb6bef0b1827e719c508d70a4926f5aff233b9e802edfcc66790808c8f045ea1e04c599f7f66a3ef1c
SSDEEP: 1536:vjjjPWXk20UMf9sliQ6HgEGHuLjzUgvKGlDbALtTaOE/iwXdBLpVQ5mZWTSf9ef:vXS8f9sEQfETLjJKGlQdnE/iETLamnq
Static task: static1
Behavioral task: behavioral1
  Sample: 5ba0845ff3f7f12479a59e063d201db3_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 5ba0845ff3f7f12479a59e063d201db3_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: tofsee
- 94.75.255.140
- rgtryhbgddtyh.biz
- wertdghbyrukl.ch
Targets
Target: 5ba0845ff3f7f12479a59e063d201db3_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10
Observed behavior:
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext