General
Target: 8efd6c8e0533ff95e0599cfa65959ce8_JaffaCakes118
Size: 255KB
Sample: 240812-q9jk1atfnj
MD5: 8efd6c8e0533ff95e0599cfa65959ce8
SHA1: aab70771c2cd124013e3da4e46ccd523ced2089c
SHA256: 2837b9d85f67a85697cf2ea82fddbac1b980109931b5edb51819135d6f4781a7
SHA512: 6e66650dc4830a9c803649cb60f80fb1f125ea6572caf148e1ee979c86612891909a5201a617b1b95d164b937f1db48c1e6d84eeb8e580acc5bc3e166f35a54a
SSDEEP: 6144:nsGU1sOG5w4GSnr2gGGGGGGGGGGGGGGGGGGGGGy2eIstcjGGGGGGGGGGGGGGGGGt:sGU1pEAAA
Static task: static1
Behavioral task: behavioral1
Sample: 8efd6c8e0533ff95e0599cfa65959ce8_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 8efd6c8e0533ff95e0599cfa65959ce8_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: tofsee
C2 hosts (from the extracted configuration):
- 31.210.119.2
- 188.165.132.183
- rgtryhbgddtyh.biz
- wertdghbyrukl.ch
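The hashes and extracted configuration above are the indicators a responder would actually pivot on. The following Python is an added example, not part of the sandbox report: it copies the report's indicator values into a script that (a) hashes a file with the same digests the report lists and compares them, and (b) scans log lines for the listed C2 IPs and domains, including subdomains of them. The log lines and the file contents it is tested with are constructed for illustration. The hash check is exact-match only, so a repacked or recompiled variant will not match; that is what the SSDEEP value is for, but fuzzy matching needs the ssdeep library and is deliberately left out here.

```python
"""Hunt for the Tofsee sample's indicators in local files and log lines.

Added example; the indicator values are copied from the sandbox report,
everything else (log lines, test data) is constructed for illustration.
"""
import hashlib
import re

# Digests exactly as listed in the report.
IOC_HASHES = {
    "md5": "8efd6c8e0533ff95e0599cfa65959ce8",
    "sha1": "aab70771c2cd124013e3da4e46ccd523ced2089c",
    "sha256": "2837b9d85f67a85697cf2ea82fddbac1b980109931b5edb51819135d6f4781a7",
    "sha512": "6e66650dc4830a9c803649cb60f80fb1f125ea6572caf148e1ee979c86612891"
              "909a5201a617b1b95d164b937f1db48c1e6d84eeb8e580acc5bc3e166f35a54a",
}

# C2 hosts from the extracted Tofsee configuration.
IOC_C2_IPS = {"31.210.119.2", "188.165.132.183"}
IOC_C2_DOMAINS = {"rgtryhbgddtyh.biz", "wertdghbyrukl.ch"}


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when every digest equals the report's (exact-match, not fuzzy)."""
    return file_hashes(data) == IOC_HASHES


IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostnames only: the label before the last dot must be alphabetic, so dotted
# IPs are left to IP_RE and not double-counted here.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def hunt(lines):
    """Return (line_number, indicator, kind) for each line touching a listed C2.

    A domain hit is either the listed name itself or any subdomain of it,
    so a lookup of mail.<listed-domain> still counts.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in IOC_C2_IPS:
                hits.append((n, ip, "ip"))
        for dom in DOMAIN_RE.findall(line):
            d = dom.lower()
            if any(d == c or d.endswith("." + c) for c in IOC_C2_DOMAINS):
                hits.append((n, d, "domain"))
    return hits


# Constructed DNS/proxy log lines (not from the report) to exercise hunt().
SAMPLE_LOGS = [
    "2024-08-12T10:01:02Z dns query host=WS01 qname=rgtryhbgddtyh.biz type=A",
    "2024-08-12T10:01:03Z conn host=WS01 dst=31.210.119.2 dport=443 proto=tcp",
    "2024-08-12T10:02:00Z dns query host=WS02 qname=update.microsoft.com type=A",
    "2024-08-12T10:03:11Z conn host=WS03 dst=188.165.132.183 dport=80 proto=tcp",
    "2024-08-12T10:04:00Z dns query host=WS03 qname=mail.wertdghbyrukl.ch type=A",
]


if __name__ == "__main__":
    for n, ioc, kind in hunt(SAMPLE_LOGS):
        print(f"line {n}: {kind} indicator {ioc}")
    # To check a file on disk: matches_sample(open(path, "rb").read())
```

The four C2 entries are a point-in-time extraction; Tofsee samples are typically rebuilt with fresh hosts, so treat the domains and IPs as indicators for this sample and the behaviour list as the more durable signal.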
Targets
Target: 8efd6c8e0533ff95e0599cfa65959ce8_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (registry persistence via a CurrentVersion\Run value)
- Suspicious use of SetThreadContext (commonly seen in process hollowing or thread hijacking; the signature alone does not say which)