General
- Target: 839f07be0f3fc47d43e6c86cacdf209b_JaffaCakes118
- Size: 756KB
- Sample: 241031-xr55lssgmn
- MD5: 839f07be0f3fc47d43e6c86cacdf209b
- SHA1: 894403d5db1265d57e8e50cdb37603977797cfb5
- SHA256: 768b3adb95d7e973ece8056454fe08804244cbf50e163f87486e71914f9bfbb3
- SHA512: d1a4af536eb99beeca78d92c0608de9b1be4f0e49f32970da0a6e151062195cf9999a0d33dc7c336e046c2fd4999d8aab8463453c901ac4f6e484d0099f3e8c4
- SSDEEP: 12288:4PD4CpYLzDvohLplCE1I3xavmuPiJtqZ1+GmAsbECr3BLHHvN9yqYoWYS9ue0SSD:A8C2nDaSavE93AsYqzPp89ESSvQP2T
Static task: static1
Behavioral task: behavioral1
- Sample: 839f07be0f3fc47d43e6c86cacdf209b_JaffaCakes118.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: 839f07be0f3fc47d43e6c86cacdf209b_JaffaCakes118
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext