General
-
Target
7b92e9d21bc4db838bc102b289f4fd5f_JaffaCakes118
-
Size
319KB
-
Sample
240731-hbr6gsvhme
-
MD5
7b92e9d21bc4db838bc102b289f4fd5f
-
SHA1
44787ddf91b10291f8338590c5d99839040e1cd5
-
SHA256
efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761
-
SHA512
c8e38f25ba8bedafabe0dd04920dfeef44d6192fc8aab5e7efaf7aed248c5f5ae1af02e51b09d0fbb5e88b5916f57c0d88a5b626e0c90d207a113245de91285c
-
SSDEEP
3072:jB8sG8S+M2sDsyLFdPyjAaswzjVFOBA3IQOfQQ6FpuB3zOa9vMpuc9:jB5MxjbJy8ocA33Of7Yp4jOa9Up
Behavioral task
behavioral1
Sample
7b92e9d21bc4db838bc102b289f4fd5f_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
7b92e9d21bc4db838bc102b289f4fd5f_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Extracted
gozi
Targets
-
-
Target
7b92e9d21bc4db838bc102b289f4fd5f_JaffaCakes118
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-