General
-
Target
JaffaCakes118_63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1
-
Size
21.6MB
-
Sample
241223-tkn1zatqhw
-
MD5
78d55bec3868cbfb8ddea16e43cc7d1d
-
SHA1
1d9a7975b05634d227f848c745d8ebc2f4efe269
-
SHA256
63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1
-
SHA512
87edf121b27d9411747a7111ee8f9b98a68fb1d1036e3d09a3e57079fea994fcf5e712f9fdfa9f8b323b85702ef87e30c46ddcd76c85a40108788caf3e595b12
-
SSDEEP
393216:9CTxOIMfqR6mcLk9ZSniBUPkX0Eblsdxp6/BXFiaN1ATLJ174kfD5d56sT9QW31O:9UKkXEckEtsckVd0sT/o
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
JaffaCakes118_63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1
-
Size
21.6MB
-
MD5
78d55bec3868cbfb8ddea16e43cc7d1d
-
SHA1
1d9a7975b05634d227f848c745d8ebc2f4efe269
-
SHA256
63cf3271c242617c82e09d9def60eb9fec4ec205ab07c590288bed79eed300c1
-
SHA512
87edf121b27d9411747a7111ee8f9b98a68fb1d1036e3d09a3e57079fea994fcf5e712f9fdfa9f8b323b85702ef87e30c46ddcd76c85a40108788caf3e595b12
-
SSDEEP
393216:9CTxOIMfqR6mcLk9ZSniBUPkX0Eblsdxp6/BXFiaN1ATLJ174kfD5d56sT9QW31O:9UKkXEckEtsckVd0sT/o
-
Xmrig family
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-