General
- Target: f17a54aefe9af6d6742d57c3bde04d04_JaffaCakes118
- Size: 88KB
- Sample: 241215-azl1daypgw
- MD5: f17a54aefe9af6d6742d57c3bde04d04
- SHA1: 36d0543095983f41938cf41878e16e5409048ada
- SHA256: 3f649aed980d17ec837e948e9c33ce63a5349dbd2b92e1c1f8bc751de8f2e633
- SHA512: ec32e33793b2ccdedfc244a84edc2d97fe2b67239b028c808c8b7c41f24a7bfc6b5c1a731a802205279d2c98e40f2f024a8a627c1a362c4d0b0530c3d19781da
- SSDEEP: 1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yEm:6D0ctAVA/bmxIMnoKjyR/Nm
Static task: static1
Behavioral task: behavioral1
- Sample: f17a54aefe9af6d6742d57c3bde04d04_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config

Targets
- Target: f17a54aefe9af6d6742d57c3bde04d04_JaffaCakes118
- Andromeda family
  Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext