General
-
Target
788901d88a62786fe09465f48b87fdaf_JaffaCakes118
-
Size
290KB
-
Sample
240727-r5xgqsxeka
-
MD5
788901d88a62786fe09465f48b87fdaf
-
SHA1
27b6926b2cc6012a6af85a03bc8ab1041d327f51
-
SHA256
4e054bef6499a2f80854bbbb4063c7d9eb5c139df5641a9ddc1d460c4a69f244
-
SHA512
e17dfcad3ee1f2df181d8dd63d4dd45c0405625c70d11247e0f493baf7d5cca7ec0754d94436d7b81c30507fdb1d0e0cbcaa4b2cf9de4ea211cee92783a6f7dd
-
SSDEEP
6144:ijbUCICA+OExgDQjQq2NlMWH3CGm9ptSjyjLlwqaKv6bc:ijwvCAUSnBTMyzm9ptpjh5ak
Static task
static1
Behavioral task
behavioral1
Sample
788901d88a62786fe09465f48b87fdaf_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
788901d88a62786fe09465f48b87fdaf_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
latentbot
1easydung69.zapto.org
2easydung69.zapto.org
3easydung69.zapto.org
4easydung69.zapto.org
5easydung69.zapto.org
6easydung69.zapto.org
7easydung69.zapto.org
8easydung69.zapto.org
Targets
-
-
Target
788901d88a62786fe09465f48b87fdaf_JaffaCakes118
-
Size
290KB
-
MD5
788901d88a62786fe09465f48b87fdaf
-
SHA1
27b6926b2cc6012a6af85a03bc8ab1041d327f51
-
SHA256
4e054bef6499a2f80854bbbb4063c7d9eb5c139df5641a9ddc1d460c4a69f244
-
SHA512
e17dfcad3ee1f2df181d8dd63d4dd45c0405625c70d11247e0f493baf7d5cca7ec0754d94436d7b81c30507fdb1d0e0cbcaa4b2cf9de4ea211cee92783a6f7dd
-
SSDEEP
6144:ijbUCICA+OExgDQjQq2NlMWH3CGm9ptSjyjLlwqaKv6bc:ijwvCAUSnBTMyzm9ptpjh5ak
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3