General
-
Target
da850e482c7b7b9daa4f2dadc45465b8_JaffaCakes118
-
Size
549KB
-
Sample
241209-tz1nbatmhx
-
MD5
da850e482c7b7b9daa4f2dadc45465b8
-
SHA1
a73cfb93a76081704d021c061688f5278fe70e43
-
SHA256
b083d9975868f9db819f144c6301051a35ce490af730ca65f3b2fcfedccce962
-
SHA512
65da3971bd9e026f7800ba0e359b108559f1548a9a13dd491a3ecfff4d7561fa76b2dbadbbc5ff7f2c6cf0f91048f0b704b0c75fa7a723c6d47bc3fcfafdbc83
-
SSDEEP
12288:F2S7zTYrvnhMk2r6sl10yYqJOkx6FvUyMrusgfVyr7mr:0S7orak2SIOqFVyhErKr
Static task
static1
Behavioral task
behavioral1
Sample
da850e482c7b7b9daa4f2dadc45465b8_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
latentbot
snaggelpuss123.zapto.org
Targets
-
-
Target
da850e482c7b7b9daa4f2dadc45465b8_JaffaCakes118
-
Size
549KB
-
MD5
da850e482c7b7b9daa4f2dadc45465b8
-
SHA1
a73cfb93a76081704d021c061688f5278fe70e43
-
SHA256
b083d9975868f9db819f144c6301051a35ce490af730ca65f3b2fcfedccce962
-
SHA512
65da3971bd9e026f7800ba0e359b108559f1548a9a13dd491a3ecfff4d7561fa76b2dbadbbc5ff7f2c6cf0f91048f0b704b0c75fa7a723c6d47bc3fcfafdbc83
-
SSDEEP
12288:F2S7zTYrvnhMk2r6sl10yYqJOkx6FvUyMrusgfVyr7mr:0S7orak2SIOqFVyhErKr
-
Darkcomet family
-
Latentbot family
-
Modifies firewall policy service
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-