General
-
Target
bc1883b07b47423bd30645e54db4775c_JaffaCakes118
-
Size
78KB
-
Sample
241203-g8r2batlcv
-
MD5
bc1883b07b47423bd30645e54db4775c
-
SHA1
2b96b8027083c5c44189ac03bafcc71df82a8ee1
-
SHA256
48c2b90f3474f4d286de08c54b114428b3d73497c0878b9a6185be07489d45d8
-
SHA512
6185931b4a06cd38dfaaecd4a60160bf7b07fa9bec3a1a2da0a1bbcda5ad7cf7f78b1a55810e065a1c6f29c7b5bbd64d584172e3d7386f6195ba1c8b4b28a85e
-
SSDEEP
1536:Kgzoa0BgdObHOjEb+96omECPxuXfDZEEkU3rHt81Hqf:Lzoa0yQnOhmEHCEkgry1H
Static task
static1
Behavioral task
behavioral1
Sample
bc1883b07b47423bd30645e54db4775c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bc1883b07b47423bd30645e54db4775c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
tofsee
185.4.227.76
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
Score 10/10
Tofsee family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-