Extracted

• • Target

    e21cc0018a58dfb99e9192f8360786a4_JaffaCakes118

  • Size

    424KB

  • MD5

    e21cc0018a58dfb99e9192f8360786a4

  • SHA1

    27d84ffef5d8bc74985486ac21ef9f36451f4a75

  • SHA256

    f4d93493212fb6d4770b8059eaf77dd70ba330ac20060440f866e58dee4041f3

  • SHA512

    c3a4d884b5fd9553d6b2f0f5e4b63c392751d89d32d2d3a20f18c33543e8110ea185c20bd1e5be570e7a0b4b5777ef14ffdf9e855b47f9ff94617ea62c339839

  • SSDEEP

    12288:ZNh/AV3vGLpaOV9HpiBM2EM7TmD9SRJVeBtPBOq+yNU:/StmpasHoVmDuVeB/OiU

  Score

  10^/10

  persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2