General
-
Target
2eed52c3878912953cb4306b8949d86f_JaffaCakes118
-
Size
92KB
-
Sample
241009-lrgw8szgkc
-
MD5
2eed52c3878912953cb4306b8949d86f
-
SHA1
16547a49a3deb6d6259174d358286d7236330e85
-
SHA256
c7ea1fdfcb2e698a7095024bc1df8843806bd38836c95b49737400b3544f29ee
-
SHA512
39a55c6c4937878d309eb00a453bc71a913900fc05460fd2641a887e35d8cb217f1b92b01a35928b398d7ee57158a8af6c3b841cb94ea34683317e708306fa67
-
SSDEEP
1536:MUqiL7yqsnIwDO+wFo+gUGOtwrrL9aP27dfEJb5:HPyqsIYOGSGowrrL9o2he5
Static task
static1
Behavioral task
behavioral1
Sample
2eed52c3878912953cb4306b8949d86f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2eed52c3878912953cb4306b8949d86f_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
123code123
Targets
-
-
Target
2eed52c3878912953cb4306b8949d86f_JaffaCakes118
-
Size
92KB
-
MD5
2eed52c3878912953cb4306b8949d86f
-
SHA1
16547a49a3deb6d6259174d358286d7236330e85
-
SHA256
c7ea1fdfcb2e698a7095024bc1df8843806bd38836c95b49737400b3544f29ee
-
SHA512
39a55c6c4937878d309eb00a453bc71a913900fc05460fd2641a887e35d8cb217f1b92b01a35928b398d7ee57158a8af6c3b841cb94ea34683317e708306fa67
-
SSDEEP
1536:MUqiL7yqsnIwDO+wFo+gUGOtwrrL9aP27dfEJb5:HPyqsIYOGSGowrrL9o2he5
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1