General
Target: 6e8f216b8825a770e65be7dd6bbc4205_JaffaCakes118
Size: 14.2MB
Sample: 241023-m6m78sybqk
MD5: 6e8f216b8825a770e65be7dd6bbc4205
SHA1: 678a3d5627cb9f024bb113135402bf40f1314a4b
SHA256: 48ecbdbb956f7aa8b648d3dc806f1b0555ae6d03aac761d39c0c431116cde001
SHA512: 475c2651c38a12c58f604515416e00fb94ae496db0d96e1fd691b15822d368ab4f6ea675a76a25ff6ac0a2a1bf86855764f14a2428807a2221d3aa036f21db2e
SSDEEP: 12288:U6oEnffffffffffffffffffffffffffffffffffffffffffffffffffffffffff/:U6
Static task: static1
Behavioral task: behavioral1
  Sample: 6e8f216b8825a770e65be7dd6bbc4205_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 6e8f216b8825a770e65be7dd6bbc4205_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: tofsee
  defeatwax.ru
  refabyd.info
Targets
Target: 6e8f216b8825a770e65be7dd6bbc4205_JaffaCakes118
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (2)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (1)
  Modify Registry (2)