General
-
Target
b598c70600e96cd21f5ee80cac5041b1_JaffaCakes118
-
Size
14.3MB
-
Sample
241201-24zktawqbz
-
MD5
b598c70600e96cd21f5ee80cac5041b1
-
SHA1
b5054afd240d38b4a452fbc3da6c11c99cb47aac
-
SHA256
a5c89dbcfcc30b80354c001e087b061544c1e1f64a40e2b02935a4a1e9138252
-
SHA512
4bf972d79628153e5b4f37d2979caa60cbb4d6093ce9979ccadfc468b466c797dcaa9cff3e2839e48419fe224de14f2c18b88602f3f89d47e5cd68f00edd8db2
-
SSDEEP
196608:jXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXH:
Static task
static1
Behavioral task
behavioral1
Sample
b598c70600e96cd21f5ee80cac5041b1_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b598c70600e96cd21f5ee80cac5041b1_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
tofsee
43.231.4.6
lazystax.ru
Targets
-
-
Target
b598c70600e96cd21f5ee80cac5041b1_JaffaCakes118
-
Size
14.3MB
-
MD5
b598c70600e96cd21f5ee80cac5041b1
-
SHA1
b5054afd240d38b4a452fbc3da6c11c99cb47aac
-
SHA256
a5c89dbcfcc30b80354c001e087b061544c1e1f64a40e2b02935a4a1e9138252
-
SHA512
4bf972d79628153e5b4f37d2979caa60cbb4d6093ce9979ccadfc468b466c797dcaa9cff3e2839e48419fe224de14f2c18b88602f3f89d47e5cd68f00edd8db2
-
SSDEEP
196608:jXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXH:
-
Tofsee family
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2