General
-
Target
71efd5f8d2ad4c891d4d52f2cce17561_JaffaCakes118
-
Size
144KB
-
Sample
241024-cy3mvazhjg
-
MD5
71efd5f8d2ad4c891d4d52f2cce17561
-
SHA1
f34013094d0de6756de5c4979181e1a468836454
-
SHA256
62c10c55dac6618eff4716e89de4bae41c429102fae8cae2f0ffc86a05ad82e2
-
SHA512
0f8bab954b18c6e57a3bd0b1b685a5c4d4b194ab30c4b0e8a192cf57d9343c33e7b3f2ed9cb8a815f931b702c528d01ac58f30b8bfa3921854b285cd899bd7b0
-
SSDEEP
3072:XNfr+k4XY4h+PhzjzrOdt9lES2jbxWGqe:XNf14D+PhznrOdmSbGqe
Static task
static1
Behavioral task
behavioral1
Sample
71efd5f8d2ad4c891d4d52f2cce17561_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
71efd5f8d2ad4c891d4d52f2cce17561_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
tofsee
91.218.39.211
188.130.237.44
91.204.162.103
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
71efd5f8d2ad4c891d4d52f2cce17561_JaffaCakes118
-
Size
144KB
-
MD5
71efd5f8d2ad4c891d4d52f2cce17561
-
SHA1
f34013094d0de6756de5c4979181e1a468836454
-
SHA256
62c10c55dac6618eff4716e89de4bae41c429102fae8cae2f0ffc86a05ad82e2
-
SHA512
0f8bab954b18c6e57a3bd0b1b685a5c4d4b194ab30c4b0e8a192cf57d9343c33e7b3f2ed9cb8a815f931b702c528d01ac58f30b8bfa3921854b285cd899bd7b0
-
SSDEEP
3072:XNfr+k4XY4h+PhzjzrOdt9lES2jbxWGqe:XNf14D+PhznrOdmSbGqe
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-