General
Target: 827897fc738bb1fe516cd74152f140bb_JaffaCakes118
Size: 852KB
Sample: 240802-blkqtswhll
MD5: 827897fc738bb1fe516cd74152f140bb
SHA1: 2573cabeb500a4e194381557b5327706fd92dd38
SHA256: 18909cd222e8155fb27a6b856901b2e10e0704ee59e8724424ac51b375eb8326
SHA512: cce6c2437b15c7973fb927819d677b33bc5bb0715e1163ec5c86a6000f71f1fbe8387e9d18f0d000f2678dd7d6cc42c74f6c76b3382481269fb6222d331ce1d6
SSDEEP: 12288:9uEV3sUPJ0c00RDwme95mJyN2KYIosW0KaAPF9Fsv9uifapiPWQsSf7H4fiOXaUS:tjR83UrRLiC5aUrG
Static task: static1
Behavioral task: behavioral1
Sample: 827897fc738bb1fe516cd74152f140bb_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted: latentbot
Targets
Target: 827897fc738bb1fe516cd74152f140bb_JaffaCakes118
- Modifies firewall policy service
- Drops file in Drivers directory
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext