General
-
Target
6e2b3a84a7909dfd1225e50531472550_JaffaCakes118
-
Size
713KB
-
Sample
240725-fcxq9azajm
-
MD5
6e2b3a84a7909dfd1225e50531472550
-
SHA1
43494299e1c62303c7a474597596b37b5ce42995
-
SHA256
9f696e79262e364e69807f01b338d9bbf3e4caeb8dbee6b44d53b14b5d02e214
-
SHA512
3f9b9a2ad693b0f40713bd26d94694adb540f4f1f045d87ae723b4fc089a2855b2d5c6ca6f975e71b0b623dd107b71ea24f0e683f2b3001248afe7bfae9af0fb
-
SSDEEP
12288:SK2mhAMJ/cPltnMCiX1Fv9vdSu+P4EiJ27lrr5Cefhm5TAFa9SpPzMfoWuFXBX4F:T2O/GlRMCYr11S/CJsXPZm5kYYpzooWB
Static task
static1
Behavioral task
behavioral1
Sample
6e2b3a84a7909dfd1225e50531472550_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6e2b3a84a7909dfd1225e50531472550_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
smokeloader
VgU
Targets
-
-
Target
6e2b3a84a7909dfd1225e50531472550_JaffaCakes118
-
Size
713KB
-
MD5
6e2b3a84a7909dfd1225e50531472550
-
SHA1
43494299e1c62303c7a474597596b37b5ce42995
-
SHA256
9f696e79262e364e69807f01b338d9bbf3e4caeb8dbee6b44d53b14b5d02e214
-
SHA512
3f9b9a2ad693b0f40713bd26d94694adb540f4f1f045d87ae723b4fc089a2855b2d5c6ca6f975e71b0b623dd107b71ea24f0e683f2b3001248afe7bfae9af0fb
-
SSDEEP
12288:SK2mhAMJ/cPltnMCiX1Fv9vdSu+P4EiJ27lrr5Cefhm5TAFa9SpPzMfoWuFXBX4F:T2O/GlRMCYr11S/CJsXPZm5kYYpzooWB
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-