General
-
Target
JaffaCakes118_a2fe2e4c7616bd5a654611000e6bd0c751558e06fd611feae3d2b4d16b71a3cb
-
Size
2.9MB
-
Sample
241223-ycyyesynez
-
MD5
c6484314a40bf277741522ce7b29245e
-
SHA1
ddf76065ffabd8865977edc7a1b13a52518a865b
-
SHA256
a2fe2e4c7616bd5a654611000e6bd0c751558e06fd611feae3d2b4d16b71a3cb
-
SHA512
e7392340da7d85048bbdbac90b8bec388967d5756ccbcf3bbbe498da4ca22eef4511e06ac240dc773e4a49418d253be339ee6cec1e13e0f4b350f0e49842fea7
-
SSDEEP
49152:ktmU2zO7Uh8avKQm4+tbwE4sJEOqBW12eqgN1mH0S/BpYarkXkCx55yar:GmU2zO7WKTJtbFZ4rgGUoBp2XbxLyo
Static task
static1
Behavioral task
behavioral1
Sample
Installer.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Installer.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Installer.bin
-
Size
4.6MB
-
MD5
43dba66b8c79ae15207a60f4151934ca
-
SHA1
20d2f0cb9a7df3808aff1fb65a1a039c32508584
-
SHA256
03ebe6a1c6d8aca197174ddf127b9f4cdbfc9607eeba60920531d70170deb64f
-
SHA512
6d4492e06a039959cccc67b073b4d12293cf32a46858a99f850a9301f242df896a488bb1caba6a673719259091adb34170606225f2987c93f3111c2390821474
-
SSDEEP
49152:PrX04x/He4aIqYuUvsY5HXc8fqv6hugnMJ0dUBsAJjAwuoiap81gDy9zsESdFM:w4xfZ7T9fh/nMJ9fWq81oE
Score10/10-
Xmrig family
-
XMRig Miner payload
-
System Binary Proxy Execution: InstallUtil
Abuse InstallUtil to proxy execution of malicious code.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-