General
Target: 852f562812305ad099372109f8e8b189_JaffaCakes118
Size: 498KB
Sample: 240810-hq6bnatgpe
MD5: 852f562812305ad099372109f8e8b189
SHA1: f067c64bfcfc1c7883497618521e53206cfaa6e0
SHA256: ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228
SHA512: 6649fe89a1647293949459b07752d14f9cd892b124bfdd6e62e3e8875a32ce2f451db85596896b3e62ac767712801119434c8a0d42e66328f9cb2799d3919194
SSDEEP: 6144:UmoZkbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9Upx:UmoZkmmCVRtPvq2+d/
Static task: static1
Behavioral task: behavioral1
Sample: 852f562812305ad099372109f8e8b189_JaffaCakes118.dll
Resource: win7-20240704-en
Malware Config
Extracted
gozi
Targets
-
-
Target
852f562812305ad099372109f8e8b189_JaffaCakes118
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-