General
-
Target
51c94cd565e86ac5ef92bde11cfc7d45_JaffaCakes118
-
Size
132KB
-
Sample
241017-mxn36sxfnj
-
MD5
51c94cd565e86ac5ef92bde11cfc7d45
-
SHA1
8f39e287ece1d5263d5876d70faa6a63abd61ad2
-
SHA256
d616c06ff732cde4eccb873f02cdac5ab663e6c3f426a1bf6d4e765a880bdf13
-
SHA512
91918b1061b342af9cd65d12b5ceba351d69d76d3a7d128b5dce98c7125fa59f1de38b99aaaf85f7a3db23833dd4a84a216c4f68b1fed2bbb85b3ff8e577f285
-
SSDEEP
3072:sixk/6UiWZ51WCOKn7OsQlVYh3GDrYoQeT67po4zUkMT1byOAMoutv:sNiW3JrmYhG67p3hKoSv
Static task
static1
Behavioral task
behavioral1
Sample
51c94cd565e86ac5ef92bde11cfc7d45_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
51c94cd565e86ac5ef92bde11cfc7d45_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
51c94cd565e86ac5ef92bde11cfc7d45_JaffaCakes118
-
Size
132KB
-
MD5
51c94cd565e86ac5ef92bde11cfc7d45
-
SHA1
8f39e287ece1d5263d5876d70faa6a63abd61ad2
-
SHA256
d616c06ff732cde4eccb873f02cdac5ab663e6c3f426a1bf6d4e765a880bdf13
-
SHA512
91918b1061b342af9cd65d12b5ceba351d69d76d3a7d128b5dce98c7125fa59f1de38b99aaaf85f7a3db23833dd4a84a216c4f68b1fed2bbb85b3ff8e577f285
-
SSDEEP
3072:sixk/6UiWZ51WCOKn7OsQlVYh3GDrYoQeT67po4zUkMT1byOAMoutv:sNiW3JrmYhG67p3hKoSv
-
Detect Blackmoon payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-