General
- Target: b119fb896ea6040e56512e505bacf2bb_JaffaCakes118
- Size: 12.3MB
- Sample: 240820-2frkaszhrq
- MD5: b119fb896ea6040e56512e505bacf2bb
- SHA1: fb84673bb09379dc30379e7468838e1a08ecd0bf
- SHA256: b73ff31b66db53d446fffaf62ffaa9f06aad06d931b819bbfcdfe7b42e555e5d
- SHA512: 74f03841d6bf76475b1f42e4fcd5d7ae3e4e77edbc2b715dc7aa880db74f4e1b36da751c2966f1118d9dee77d8ff0fea682718533db94d87a0e3bac7f99018c2
- SSDEEP: 196608:itPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPv:i
Static task: static1
Behavioral task: behavioral1
  Sample: b119fb896ea6040e56512e505bacf2bb_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: b119fb896ea6040e56512e505bacf2bb_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: tofsee
Domains:
- defeatwax.ru
- refabyd.info
Targets
- Target: b119fb896ea6040e56512e505bacf2bb_JaffaCakes118 (size and hashes as listed under General)
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (setting the thread context of another process is the usual process-hollowing / injection primitive)
MITRE ATT&CK Enterprise v15 (the number after each technique is the report's hit count for it)
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
- Event Triggered Execution (T1546): 1
  - Netsh Helper DLL (T1546.007): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
- Event Triggered Execution (T1546): 1
  - Netsh Helper DLL (T1546.007): 1
Defense Evasion
- Impair Defenses (T1562): 2
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 1
- Modify Registry (T1112): 2