General

Target: ec030d3276115a3c890665b0725585f5_JaffaCakes118
Size: 510KB
Sample (analysis ID): 240919-xwllrsvgqb
MD5: ec030d3276115a3c890665b0725585f5
SHA1: 5c7a2b3f748602f9c43b254e46b196eaab93d78e
SHA256: 331a1d704573224a0efc415feaf7b3666d3739ea1a03d0af1248687f065e9b3d
SHA512: 95af61fcd6ee514ff612283f69c182c6c89c0074b395374ada4a6cd110914a75da624c48b9d76009f68adc6fa985ef8b87b873a0a51a271c09ce8f4239fa3d42
SSDEEP: 12288:4M7VEBOPLt0/mAz36UHcTNN6Fi4o7A7Epu4ETMWYtLdZUkN1Oa6BGm7:17VEUPe/mc85Vu7M1LWBp7

Behavioral task: behavioral1
Sample: ec030d3276115a3c890665b0725585f5_JaffaCakes118.exe
Resource (analysis VM image): win7-20240903-en (Windows 7, English locale)

Malware Config
Extracted family: latentbot
C2 host: snaggelpuss123.zapto.org (a dynamic-DNS hostname under No-IP's shared zapto.org zone; match the full hostname when hunting, not the parent domain, which many unrelated hosts use)
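The indicators above are only useful once something consumes them. The following is an added example, not part of the Triage report: it carries the report's four digests and the C2 hostname as constants, verifies a file against all of them at once (a partial agreement, say MD5 only, is treated as a mismatch rather than a hit), and pulls the clients that resolved the C2 name out of a DNS query log. The log lines and their `client=... qname=...` format are constructed for the example, and the function names (`hash_bytes`, `agreeing_algorithms`, `is_reported_sample`, `host_matches_c2`, `find_c2_clients`) are mine.

```python
"""Consume the indicators from this report: verify a file against the published
hashes and find hosts that resolved the LatentBot C2 name in DNS logs.
Added example, not part of the Triage report."""
import hashlib
import re
from typing import Dict, List, Set

# Copied verbatim from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "ec030d3276115a3c890665b0725585f5",
    "sha1": "5c7a2b3f748602f9c43b254e46b196eaab93d78e",
    "sha256": "331a1d704573224a0efc415feaf7b3666d3739ea1a03d0af1248687f065e9b3d",
    "sha512": "95af61fcd6ee514ff612283f69c182c6c89c0074b395374ada4a6cd110914a75"
              "da624c48b9d76009f68adc6fa985ef8b87b873a0a51a271c09ce8f4239fa3d42",
}
C2_HOST = "snaggelpuss123.zapto.org"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, so all four can be compared at once."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def agreeing_algorithms(observed: Dict[str, str]) -> Set[str]:
    """Which of the report's hashes does an observed hash set agree with?
    Partial agreement (e.g. MD5 only) means the tools hashed different bytes
    or someone is leaning on a broken digest; callers should treat it as a miss."""
    return {alg for alg, val in observed.items()
            if alg in REPORT_HASHES and val.lower() == REPORT_HASHES[alg]}


def is_reported_sample(data: bytes) -> bool:
    """True only when every listed digest matches."""
    return agreeing_algorithms(hash_bytes(data)) == set(REPORT_HASHES)


def host_matches_c2(qname: str) -> bool:
    """Exact hostname (or a label beneath it), case-insensitive, trailing dot
    tolerated. Deliberately does NOT match other zapto.org names: that zone is
    shared dynamic DNS, so matching the parent would flag unrelated hosts."""
    q = qname.rstrip(".").lower()
    return q == C2_HOST or q.endswith("." + C2_HOST)


# Constructed DNS query log in a made-up key=value format (not from the report).
SAMPLE_DNS_LOG = """\
2024-09-19T10:00:01Z client=10.0.0.5 qname=snaggelpuss123.zapto.org qtype=A
2024-09-19T10:00:02Z client=10.0.0.7 qname=other.zapto.org qtype=A
2024-09-19T10:00:03Z client=10.0.0.9 qname=SNAGGELPUSS123.ZAPTO.ORG. qtype=A
2024-09-19T10:00:04Z client=10.0.0.5 qname=update.example.com qtype=AAAA
"""

_LINE = re.compile(r"client=(?P<client>\S+)\s+qname=(?P<qname>\S+)")


def find_c2_clients(log_text: str) -> List[str]:
    """Clients that queried the C2 name, first-seen order, de-duplicated."""
    seen: List[str] = []
    for line in log_text.splitlines():
        m = _LINE.search(line)
        if m and host_matches_c2(m.group("qname")) and m.group("client") not in seen:
            seen.append(m.group("client"))
    return seen


if __name__ == "__main__":
    print("clients that resolved the C2:", find_c2_clients(SAMPLE_DNS_LOG))
    print("empty input matches report:", is_reported_sample(b""))
```

To check a real file, read it in binary mode and pass the bytes to `is_reported_sample`; for hashes produced by another tool, pass them as a dict to `agreeing_algorithms` and require the full set, since an MD5-only agreement proves nothing.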
Targets

Target: ec030d3276115a3c890665b0725585f5_JaffaCakes118 (510KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Signatures:
- Modifies firewall policy service: writes to the Windows Firewall policy configuration stored under the SharedAccess service's registry parameters.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments, since the manufacturer and product strings in the BIOS registry keys name the hypervisor on a virtual machine.
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence to refuse running in particular countries.
- Executes dropped EXE: runs an executable that the sample itself wrote to disk during the run.
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk during the run.
- Suspicious use of SetThreadContext: SetThreadContext rewrites another thread's register state; outside a debugger this is characteristic of process hollowing and similar code injection, where a suspended process's thread is pointed at injected code before it is resumed.
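The BIOS check and the location check above are both decisions made from a handful of registry strings, so they are easy to reproduce. The following is an added example, not code from the sample or from Triage: it implements both checks over registry snapshots passed in as plain dicts (so it runs offline), and reads the real keys only when it happens to be on Windows. It serves the "Checks BIOS information in registry" and "Checks computer location settings" items together. The registry locations (`HKLM\HARDWARE\DESCRIPTION\System\BIOS` and `HKCU\Control Panel\International\Geo`, value `Nation`) are the usual ones on Windows and are assumptions here; the country blocklist is hypothetical, because the report does not say which countries this sample fences on; the snapshots and all function names are mine.

```python
"""The two registry-based environment checks the report flags, re-implemented
over registry snapshots supplied as plain dicts so the logic runs offline.
Added example, not code from the sample or from Triage."""
from typing import Dict, List, Optional, Tuple

# Assumed locations: HKLM\HARDWARE\DESCRIPTION\System\BIOS and
# HKCU\Control Panel\International\Geo (value "Nation", a GeoID held as REG_SZ).
BIOS_VALUE_NAMES = ("SystemManufacturer", "SystemProductName", "BIOSVendor",
                    "BIOSVersion", "BaseBoardManufacturer")
VM_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "xen", "bochs",
              "hyper-v", "virtual machine", "innotek", "parallels")
# Hypothetical geofence (not from the report): GeoID 203 = Russia, 241 = Ukraine.
BLOCKED_GEOIDS = frozenset({203, 241})


def vm_markers_in_bios(bios: Dict[str, str]) -> List[str]:
    """Return each VM vendor marker found in the BIOS strings, first-seen order."""
    found: List[str] = []
    for name in BIOS_VALUE_NAMES:
        text = str(bios.get(name, "")).lower()
        for marker in VM_MARKERS:
            if marker in text and marker not in found:
                found.append(marker)
    return found


def geo_is_blocked(geo: Dict[str, str], blocked=BLOCKED_GEOIDS) -> bool:
    """Nation is a decimal string; a missing or malformed value counts as
    'not blocked', which is how a geofence is usually written."""
    try:
        return int(geo.get("Nation", "")) in blocked
    except (TypeError, ValueError):
        return False


def decide(bios: Dict[str, str], geo: Dict[str, str]) -> Tuple[str, List[str]]:
    """('bail', reasons) if either check trips, else ('run', [])."""
    reasons = [f"bios:{m}" for m in vm_markers_in_bios(bios)]
    if geo_is_blocked(geo):
        reasons.append(f"geo:{geo.get('Nation')}")
    return ("bail" if reasons else "run", reasons)


def read_live_windows() -> Optional[Tuple[Dict[str, str], Dict[str, str]]]:
    """Read the real keys when running on Windows; None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None

    def dump(root, path, names):
        out: Dict[str, str] = {}
        with winreg.OpenKey(root, path) as key:
            for n in names:
                try:
                    out[n] = str(winreg.QueryValueEx(key, n)[0])
                except FileNotFoundError:
                    pass  # value absent on this machine
        return out

    bios = dump(winreg.HKEY_LOCAL_MACHINE, r"HARDWARE\DESCRIPTION\System\BIOS", BIOS_VALUE_NAMES)
    geo = dump(winreg.HKEY_CURRENT_USER, r"Control Panel\International\Geo", ("Nation",))
    return bios, geo


# Constructed snapshots (not taken from the report).
VBOX_SNAPSHOT = {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
                 "BIOSVendor": "innotek GmbH", "BIOSVersion": "VirtualBox"}
DELL_SNAPSHOT = {"SystemManufacturer": "Dell Inc.", "SystemProductName": "Latitude 7420",
                 "BIOSVendor": "Dell Inc.", "BIOSVersion": "1.20.0"}
US_GEO = {"Nation": "244"}   # GeoID 244 = United States
RU_GEO = {"Nation": "203"}   # GeoID 203 = Russia

if __name__ == "__main__":
    live = read_live_windows()
    print("this machine:" if live else "constructed VM:",
          decide(*live) if live else decide(VBOX_SNAPSHOT, US_GEO))
    print("constructed bare metal, fenced country:", decide(DELL_SNAPSHOT, RU_GEO))
```

Run it on an analysis VM to see whether its BIOS strings would trip a check of this kind; if `vm_markers_in_bios` returns anything, the image advertises its hypervisor and a sample like this one can bail before doing anything worth recording.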