General
-
Target
4e8ff72edb9650dc1227c2b1f01ad378_JaffaCakes118
-
Size
221KB
-
Sample
241016-xye7rs1dlk
-
MD5
4e8ff72edb9650dc1227c2b1f01ad378
-
SHA1
336c75beb424e2ad8a4a9fdfc1c960fed689bd07
-
SHA256
c0e9231c3510c9fd32c3da3fdcc9d779f13bf3946eb363440655aeff1914e018
-
SHA512
ce6d1baaac6dc9bdd4f79a637a3f655af934db275e34439884794c2ff01f6c9f07d5ad2d8c9c076cec4bfe43ff012cafe5209d27015795fcbab4012d875a0a54
-
SSDEEP
6144:2bN7CFa7xa/2AG9V4JGePqLJwvRZZyhJGppShdSM1/:fkMckJI4RqhLdSe
Static task
static1
Behavioral task
behavioral1
Sample
4e8ff72edb9650dc1227c2b1f01ad378_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
4e8ff72edb9650dc1227c2b1f01ad378_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4e8ff72edb9650dc1227c2b1f01ad378_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-