General
-
Target
6315b5985b59592bcb0b76a12d842a53_JaffaCakes118
-
Size
10.4MB
-
Sample
240722-nsrh6swgjm
-
MD5
6315b5985b59592bcb0b76a12d842a53
-
SHA1
68e27e767670329db251d41fde2cd30a130b7b84
-
SHA256
2cea1b1e165a19acb0c3a4c4c9a73798a20a6f43965863b29266a36f0f8aa49d
-
SHA512
a14da4149fb7749dc3942009a34913b4dab5e9d0d83d01ca7d69c5f526cf33edab79fac083d2908b40b8d61ae9c5b8d48f382cacf8806fdf5c81dfe925084d42
-
SSDEEP
12288:Pp4/GC6zTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTT:PpeG
Static task
static1
Behavioral task
behavioral1
Sample
6315b5985b59592bcb0b76a12d842a53_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6315b5985b59592bcb0b76a12d842a53_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
6315b5985b59592bcb0b76a12d842a53_JaffaCakes118
-
Size
10.4MB
-
MD5
6315b5985b59592bcb0b76a12d842a53
-
SHA1
68e27e767670329db251d41fde2cd30a130b7b84
-
SHA256
2cea1b1e165a19acb0c3a4c4c9a73798a20a6f43965863b29266a36f0f8aa49d
-
SHA512
a14da4149fb7749dc3942009a34913b4dab5e9d0d83d01ca7d69c5f526cf33edab79fac083d2908b40b8d61ae9c5b8d48f382cacf8806fdf5c81dfe925084d42
-
SSDEEP
12288:Pp4/GC6zTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTzTT:PpeG
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1