General
-
Target
JaffaCakes118_198cac834f2035248a9e788928666e62789cc92e396c8fe57efb539adce8db12
-
Size
285KB
-
Sample
241226-terjxazkdw
-
MD5
7054f61d1e5508cd336cc4651f736acf
-
SHA1
3e21556cb84c067fe7c79abe3ef4bbd9fea335d0
-
SHA256
198cac834f2035248a9e788928666e62789cc92e396c8fe57efb539adce8db12
-
SHA512
42eeefacf1854770ddc4f76292c233009e15cc0d42d984e4f1bc7fe763a790b8b2483a8c6fbefdfab49d957c453bf55d2ddf080533b8a01cb68ba8050545a1c1
-
SSDEEP
6144:2KFbjVUyrQk3RMPrCpcaJlkHuzbgwu6L7ITsqSigaTwVf:xbjKQB3SMaHunnn7s
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_198cac834f2035248a9e788928666e62789cc92e396c8fe57efb539adce8db12.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_198cac834f2035248a9e788928666e62789cc92e396c8fe57efb539adce8db12.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
tofsee
quadoil.ru
lakeflex.ru
Targets
-
Target
JaffaCakes118_198cac834f2035248a9e788928666e62789cc92e396c8fe57efb539adce8db12
-
Tofsee family
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Create or Modify System Process 2
Windows Service 2
Event Triggered Execution 1
Netsh Helper DLL 1
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Create or Modify System Process 2
Windows Service 2
Event Triggered Execution 1
Netsh Helper DLL 1
Defense Evasion
Impair Defenses 2
Disable or Modify System Firewall 1
Disable or Modify Tools 1
Modify Registry 2