General
-
Target
JaffaCakes118_a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6
-
Size
681.3MB
-
Sample
241222-jb73dayrat
-
MD5
3d2b342a8ac39e23ec8f44371fb4d001
-
SHA1
9c0c0f3e80932b0d92b51249f273fd1d67511aa2
-
SHA256
a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6
-
SHA512
f41a978c97bed0ab49f4bd6256037cc94726bc58f2cd238c0d0ea5fb5d3e0400bd763a1fb98dd584277ab3cf07a1bec3a5a34ea23d6376d63df6d67a13ea8a43
-
SSDEEP
49152:LbA3VkA0YiuBO8qbzb9ehNw6NbHHrc05RBtPXD2lIwgR3cjXBdlh:LbSx0ID26wY3T5DZXq2w3XBdr
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6
-
Size
681.3MB
-
MD5
3d2b342a8ac39e23ec8f44371fb4d001
-
SHA1
9c0c0f3e80932b0d92b51249f273fd1d67511aa2
-
SHA256
a19b07ba8129bd9a9375335887f5736e3d6a0c163b0df8ec3d6a3dbacdcfeed6
-
SHA512
f41a978c97bed0ab49f4bd6256037cc94726bc58f2cd238c0d0ea5fb5d3e0400bd763a1fb98dd584277ab3cf07a1bec3a5a34ea23d6376d63df6d67a13ea8a43
-
SSDEEP
49152:LbA3VkA0YiuBO8qbzb9ehNw6NbHHrc05RBtPXD2lIwgR3cjXBdlh:LbSx0ID26wY3T5DZXq2w3XBdr
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-