General
-
Target
da9812a342b10c1429a60af815cc85f5_JaffaCakes118
-
Size
2.7MB
-
Sample
241209-vbld6ayrbk
-
MD5
da9812a342b10c1429a60af815cc85f5
-
SHA1
3a81dace6a19ccd2564564c90e92099addcf539a
-
SHA256
b16a424da66859604542b125c1db27fedd52eb23db2d7459299849408c739d71
-
SHA512
e7c6736493603dc10f0d7675d8d667fb8418449c4e2f8e555a7a47e7e8254964d72a86a576f810a1084e53959934ff64323a659b690d40021796111606e3803a
-
SSDEEP
49152:UTCl/+XjmjnJ1vN0kGOWmSPrH+HVGvzzRUc6lwuZ1cT2/LRS:2O/jrykGOWmSK1AajZ1c6T0
Static task
static1
Behavioral task
behavioral1
Sample
da9812a342b10c1429a60af815cc85f5_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Extracted
bitrat
1.35
storage.nsupdate.info:8973
-
communication_password
bf771c9d082071fe80b18bb678220682
-
tor_process
tor
Targets
-
-
Target
da9812a342b10c1429a60af815cc85f5_JaffaCakes118
-
Bitrat family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-