General
-
Target
d958277b511acf4f8dae3d75c594db6c_JaffaCakes118
-
Size
356KB
-
Sample
241209-ncwg7azpgm
-
MD5
d958277b511acf4f8dae3d75c594db6c
-
SHA1
b9a2113f62e2f559d51d70a35c77dff7e39294ed
-
SHA256
065d9b1dd188b626515ce09b19cd24d7e16a160ac5319136e65aa3c561657426
-
SHA512
21f5bfd2e04283a8d32f79cb10c823a66ebebc9d7ca9fc9a14d8fc3e4b31de1d0232141336c5816b098598f0ec2f4f2db5cbe44e4ebfffc792f01f55c96c4441
-
SSDEEP
6144:0tkXQh+fOZTb4rVfYn33rVRRF5GPXpkHg0Sme9k4GgzsdHXTvLRUQSOObAIAWgcu:8VxQap5KDox3lWnk
Static task
static1
Behavioral task
behavioral1
Sample
d958277b511acf4f8dae3d75c594db6c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d958277b511acf4f8dae3d75c594db6c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
rudas199300
Targets
-
-
Target
d958277b511acf4f8dae3d75c594db6c_JaffaCakes118
-
Size
356KB
-
MD5
d958277b511acf4f8dae3d75c594db6c
-
SHA1
b9a2113f62e2f559d51d70a35c77dff7e39294ed
-
SHA256
065d9b1dd188b626515ce09b19cd24d7e16a160ac5319136e65aa3c561657426
-
SHA512
21f5bfd2e04283a8d32f79cb10c823a66ebebc9d7ca9fc9a14d8fc3e4b31de1d0232141336c5816b098598f0ec2f4f2db5cbe44e4ebfffc792f01f55c96c4441
-
SSDEEP
6144:0tkXQh+fOZTb4rVfYn33rVRRF5GPXpkHg0Sme9k4GgzsdHXTvLRUQSOObAIAWgcu:8VxQap5KDox3lWnk
-
Hawkeye family
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4