General
-
Target
612235daf3b39335b4ca81494d96048a_JaffaCakes118
-
Size
884KB
-
Sample
240721-yejlhs1epf
-
MD5
612235daf3b39335b4ca81494d96048a
-
SHA1
63130732594f4bd4178000955b393830a420fbbe
-
SHA256
d67c362005dab100f064915d22367fc969ad88ec4e0d6df5574d4b6c346fce65
-
SHA512
7a572baf94ef475db77dc70dd9661d08e76b4a179a177c7b53e920d0c414666c740262d26298ed19eadf74b31794ff1c3e90445279d42ce60f4c4f0963fad9b1
-
SSDEEP
24576:l1JlUxtpBIUNQcocN5nYkp7/jnL3BfDvOzOHOfbTrRbfDvOHzgr/bfDvOHLAr5bo:lMB8YwbfRYz6HYLapYD9TYLWSsHx9Vig
Static task
static1
Behavioral task
behavioral1
Sample
612235daf3b39335b4ca81494d96048a_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
612235daf3b39335b4ca81494d96048a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
612235daf3b39335b4ca81494d96048a_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-