General
-
Target
89bfd463ca76b62c61a548778316567d_JaffaCakes118
-
Size
452KB
-
Sample
240811-kvbzqasgnm
-
MD5
89bfd463ca76b62c61a548778316567d
-
SHA1
c177b6298e37b6f541d748b7e988de5d2b2c95e1
-
SHA256
c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf
-
SHA512
48daf33aa5b6c1bc08591e9145600a8054090c1abbfea5c5bea9d8527de99da8f9f5bff398aee7c3ad299cb59e64de6f60025fde7450ba8a0b3280994663498e
-
SSDEEP
6144:5btQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:5mmCVRtPvq2+d/
Behavioral task
behavioral1
Sample
89bfd463ca76b62c61a548778316567d_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
89bfd463ca76b62c61a548778316567d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
gozi
Targets
-
-
Target
89bfd463ca76b62c61a548778316567d_JaffaCakes118
-
Size
452KB
-
MD5
89bfd463ca76b62c61a548778316567d
-
SHA1
c177b6298e37b6f541d748b7e988de5d2b2c95e1
-
SHA256
c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf
-
SHA512
48daf33aa5b6c1bc08591e9145600a8054090c1abbfea5c5bea9d8527de99da8f9f5bff398aee7c3ad299cb59e64de6f60025fde7450ba8a0b3280994663498e
-
SSDEEP
6144:5btQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:5mmCVRtPvq2+d/
Score8/10-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-