General
- Target: 9fef7804e278db330f68567a8f2981cb_JaffaCakes118
- Size: 11.3MB
- Sample: 240816-zxs4caxblh
- MD5: 9fef7804e278db330f68567a8f2981cb
- SHA1: 7bfe128fd5d587262b2f6f0fe8845436cab4598b
- SHA256: 041d4252fd88022880897cab2f7c42afd668742d9aba9e79c49882cf1fc212d4
- SHA512: b1bd08ffdd6b8f22525a178be0a4f626c8274fd2cd67b8cca61dd6fd31e86d110e880eed81587242a1bf65bf3f5ef2fd8e79b7323d8da7ac0088fec610a9714b
- SSDEEP: 196608:qtPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPf:q
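To confirm that a local copy is the same file this report describes, the following added example (not part of the sandbox report) computes the four cryptographic digests listed above in one streaming pass and requires every one of them to agree. The file path is a command-line argument and is an assumption; SSDEEP is deliberately not computed here because it needs the separate ssdeep library and a fuzzy hash is a similarity measure, not an identity check.

```python
"""Check that a local file is the sample this report describes.

Added example, not part of the sandbox report. The digests are copied from the
report's General section; the file path is a command-line argument (assumption).
"""
import hashlib
import sys
from pathlib import Path

# Copied from the report's General section.
REPORTED_HASHES = {
    "md5": "9fef7804e278db330f68567a8f2981cb",
    "sha1": "7bfe128fd5d587262b2f6f0fe8845436cab4598b",
    "sha256": "041d4252fd88022880897cab2f7c42afd668742d9aba9e79c49882cf1fc212d4",
    "sha512": "b1bd08ffdd6b8f22525a178be0a4f626c8274fd2cd67b8cca61dd6fd31e86d110e880eed81587242a1bf65bf3f5ef2fd8e79b7323d8da7ac0088fec610a9714b",
}


def _digest_all(chunks) -> dict[str, str]:
    """Feed every chunk to all four algorithms so the data is read only once."""
    algos = {name: hashlib.new(name) for name in REPORTED_HASHES}
    for chunk in chunks:
        for h in algos.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in algos.items()}


def hash_bytes(data: bytes) -> dict[str, str]:
    """Digest an in-memory buffer (handy for unit tests and small artefacts)."""
    return _digest_all([data])


def hash_file(path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream the file in 1 MiB chunks; an 11.3 MB sample (or a far larger one) never sits fully in memory."""
    with Path(path).open("rb") as fh:
        return _digest_all(iter(lambda: fh.read(chunk_size), b""))


def mismatches(computed, expected=REPORTED_HASHES) -> list[str]:
    """Names of the algorithms whose digest differs (case-insensitive, since reports differ in casing)."""
    return sorted(
        name for name, want in expected.items()
        if computed.get(name, "").lower() != want.lower()
    )


def matches_report(computed, expected=REPORTED_HASHES) -> bool:
    """Identity requires every digest to agree; a single mismatch means a different, truncated or modified file."""
    return not mismatches(computed, expected)


if __name__ == "__main__":
    # Default file name is an assumption based on the report's sample name.
    target = sys.argv[1] if len(sys.argv) > 1 else "9fef7804e278db330f68567a8f2981cb_JaffaCakes118.exe"
    digests = hash_file(target)
    for name, value in digests.items():
        print(f"{name:7} {value}")
    bad = mismatches(digests)
    print("MATCH: same file as the report" if not bad else f"MISMATCH on {', '.join(bad)}")
    sys.exit(0 if not bad else 1)
```

Run it as `python verify_sample.py <path>`; the non-zero exit status on any mismatch makes it safe to chain into a triage script.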
Static task
- static1
Behavioral tasks
- behavioral1: Sample 9fef7804e278db330f68567a8f2981cb_JaffaCakes118.exe, Resource win7-20240704-en
- behavioral2: Sample 9fef7804e278db330f68567a8f2981cb_JaffaCakes118.exe, Resource win10v2004-20240802-en
Malware Config
- Extracted configuration, family: tofsee
- C2 domains: defeatwax.ru, refabyd.info
Targets
- Target: 9fef7804e278db330f68567a8f2981cb_JaffaCakes118 (11.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (an API commonly used to redirect execution inside an injected or hollowed process)
MITRE ATT&CK Enterprise v15
(the number after each technique is the sandbox's count of matched signatures for it)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (2): Windows Service, T1543.003 (2)
- Event Triggered Execution (1): Netsh Helper DLL, T1546.007 (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (2): Windows Service, T1543.003 (2)
- Event Triggered Execution (1): Netsh Helper DLL, T1546.007 (1)
Defense Evasion
- Impair Defenses (2): Disable or Modify System Firewall, T1562.004 (1); Disable or Modify Tools, T1562.001 (1)
- Modify Registry, T1112 (2)
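To turn the technique list above into something a SOC can actually run, here is an added example (not the sandbox's own signature logic and not part of the original report) that maps Sysmon-style events to the ATT&CK techniques listed for this sample and to the C2 domains in the extracted config. The event dict shape and the sample telemetry are constructed for illustration; the Sysmon event IDs used (1 process create, 13 registry value set, 22 DNS query) and the registry locations for service ImagePath values, the netsh helper table under HKLM\SOFTWARE\Microsoft\NetSh, Run keys and the firewall policy key are real Windows paths.

```python
"""Map Sysmon-style events to the ATT&CK techniques this report lists for the sample.

Added example: not the sandbox's signature logic and not part of the original
report. The event shape and SAMPLE_EVENTS are constructed for illustration.
"""
import re
from collections import Counter

# Domains from the report's extracted Tofsee configuration.
C2_DOMAINS = {"defeatwax.ru", "refabyd.info"}

# (technique id, label, Sysmon event id, field to inspect, pattern)
RULES = [
    ("T1543.003", "Windows Service: service ImagePath written", 13, "TargetObject",
     re.compile(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)),
    ("T1546.007", "Netsh Helper DLL registered", 13, "TargetObject",
     re.compile(r"\\Microsoft\\NetSh\\", re.I)),
    ("T1547.001", "Registry Run key written", 13, "TargetObject",
     re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("T1562.004", "Firewall modified via netsh", 1, "CommandLine",
     re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)),
    ("T1562.004", "Firewall policy key written directly", 13, "TargetObject",
     re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
]


def match_event(event: dict) -> list[tuple[str, str]]:
    """Return every (technique, label) pair a single event triggers."""
    hits = []
    for tid, label, eid, field, pattern in RULES:
        if event.get("EventID") == eid and pattern.search(event.get(field) or ""):
            hits.append((tid, label))
    if event.get("EventID") == 22:  # Sysmon DNS query
        name = (event.get("QueryName") or "").lower().rstrip(".")
        if name in C2_DOMAINS or any(name.endswith("." + d) for d in C2_DOMAINS):
            hits.append(("config-c2", f"DNS query for extracted C2 domain {name}"))
    return hits


def scan(events) -> list[dict]:
    """Run every event through the rules; keep the originating image for triage."""
    return [
        {"technique": tid, "label": label, "image": ev.get("Image"), "event": ev}
        for ev in events
        for tid, label in match_event(ev)
    ]


def technique_counts(findings) -> dict:
    """Per-technique hit counts, comparable to the per-technique numbers in the report."""
    return dict(Counter(f["technique"] for f in findings))


DROPPER = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"  # constructed path
SAMPLE_EVENTS = [  # constructed telemetry, not captured from the real sample
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svcupd\ImagePath",
     "Details": r"C:\Windows\Temp\svcupd.exe"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\NetSh\svcupd",
     "Details": r"C:\Windows\Temp\svcupd.dll"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Windows\Temp\svcupd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": DROPPER,
     "CommandLine": 'netsh advfirewall firewall add rule name="svcupd" dir=in action=allow '
                    'program="C:\\Windows\\Temp\\svcupd.exe"'},
    {"EventID": 22, "Image": r"C:\Windows\Temp\svcupd.exe", "QueryName": "defeatwax.ru"},
    # benign noise that must not fire
    {"EventID": 22, "Image": r"C:\Program Files\Browser\browser.exe", "QueryName": "www.example.com"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    findings = scan(SAMPLE_EVENTS)
    for f in findings:
        print(f"{f['technique']:<10} {f['label']:<45} image={f['image']}")
    print(technique_counts(findings))
```

The rules are deliberately narrow (a full registry path for the service ImagePath, the netsh helper table rather than any NetSh string) so that routine Explorer and browser activity in the constructed noise events produces no hits; in production you would join the `image` field back to the process tree so that a netsh launched by a freshly dropped executable scores higher than one launched by an administrator's shell.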