General
-
Target
JaffaCakes118_c3796170ce376b63718d114c759fc1c69045d09ce0923f74ad96ba8fc734d142
-
Size
749.4MB
-
Sample
241223-tfqn1atqaw
-
MD5
35236ddbbeaffdbdbfbf0c9b26a300c2
-
SHA1
4e4f97b9f77e04a9917d85c6d2b3c49e9769089f
-
SHA256
c3796170ce376b63718d114c759fc1c69045d09ce0923f74ad96ba8fc734d142
-
SHA512
1146a6dd72cfdc103707c811c38bb9af439ce9fd90965599d638ca95b70a81edb82ab1b56f87ccb2766b7b2beb6bf4f838514215861e2cd7f7f57e6fb728021d
-
SSDEEP
786432:d1GbxO4RF4z4aIieFtnzZxVsWM0l3JSRR7faj/O631h6QeXJDjAwAZcho:d1gxV7g4aIiw9xVnMc5SX0/AQ6TAZG
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_c3796170ce376b63718d114c759fc1c69045d09ce0923f74ad96ba8fc734d142.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_c3796170ce376b63718d114c759fc1c69045d09ce0923f74ad96ba8fc734d142.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_c3796170ce376b63718d114c759fc1c69045d09ce0923f74ad96ba8fc734d142
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Netsupport family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (2)
Hidden Files and Directories (2)
Modify Registry (1)