General
-
Target
81cd522bbee329748be2dd219c88cce5_JaffaCakes118
-
Size
612KB
-
Sample
241031-f8s3ya1frp
-
MD5
81cd522bbee329748be2dd219c88cce5
-
SHA1
1a70ded79eaec230f7810a0eb1dd6ed3f98ffd78
-
SHA256
19ddc1f60f505a17da34fde25a21e8ea5aa604e0e060be2c13f07cbe155cb464
-
SHA512
7ab39b101abe81948a99bb302dde9f8b718994dea7a43f297146efc2772049889f06ac9b7d81898c7508b30ef4b788c6b8d486e714cf43910aaa71b07b36da19
-
SSDEEP
6144:IlXpXQs3kYR7M/yXWvW0/DVmVmYe0F4v5qsLKTbwhi4tVso9YAw5:0hPUYRo/dJ2TT4RjMkhi4zYAw5
Behavioral task
behavioral1
Sample
81cd522bbee329748be2dd219c88cce5_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
81cd522bbee329748be2dd219c88cce5_JaffaCakes118.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
81cd522bbee329748be2dd219c88cce5_JaffaCakes118
-
Size
612KB
-
MD5
81cd522bbee329748be2dd219c88cce5
-
SHA1
1a70ded79eaec230f7810a0eb1dd6ed3f98ffd78
-
SHA256
19ddc1f60f505a17da34fde25a21e8ea5aa604e0e060be2c13f07cbe155cb464
-
SHA512
7ab39b101abe81948a99bb302dde9f8b718994dea7a43f297146efc2772049889f06ac9b7d81898c7508b30ef4b788c6b8d486e714cf43910aaa71b07b36da19
-
SSDEEP
6144:IlXpXQs3kYR7M/yXWvW0/DVmVmYe0F4v5qsLKTbwhi4tVso9YAw5:0hPUYRo/dJ2TT4RjMkhi4zYAw5
Score8/10-
Blocklisted process makes network request
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-