General
-
Target
82645945c9bc63d23da8e355065d8169_JaffaCakes118
-
Size
12.5MB
-
Sample
241031-jvzv4sthrc
-
MD5
82645945c9bc63d23da8e355065d8169
-
SHA1
4a487d6edbb8c9fa70a6296726788ff74e6a675c
-
SHA256
378013409ea4fc145dcf70286fc119f61608b49411c7339af5755c09ad764217
-
SHA512
5edd520a4d65a133acec61f4c4e074c999c17eaef31e3aedf32ad2e3d0804f80e4a510af86b28906e565934562329d99172b3a438350342bf57f73813557d866
-
SSDEEP
98304:AWtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0:A
Static task
static1
Behavioral task
behavioral1
Sample
82645945c9bc63d23da8e355065d8169_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
82645945c9bc63d23da8e355065d8169_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
82645945c9bc63d23da8e355065d8169_JaffaCakes118
-
Size
12.5MB
-
MD5
82645945c9bc63d23da8e355065d8169
-
SHA1
4a487d6edbb8c9fa70a6296726788ff74e6a675c
-
SHA256
378013409ea4fc145dcf70286fc119f61608b49411c7339af5755c09ad764217
-
SHA512
5edd520a4d65a133acec61f4c4e074c999c17eaef31e3aedf32ad2e3d0804f80e4a510af86b28906e565934562329d99172b3a438350342bf57f73813557d866
-
SSDEEP
98304:AWtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0:A
-
Tofsee family
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2