General
Target: JaffaCakes118_0bf948a05116ea7c96990aad936e5b3a
Size: 1.0MB
Sample: 250529-2tvtwazkz7
MD5: 0bf948a05116ea7c96990aad936e5b3a
SHA1: 37405987519bf3b3cb7e9097559c401b84d349fb
SHA256: 58fe3e319b116b4fd80121eab6f01e3c81855501aad562c5ccafc324d85c5c27
SHA512: 62bd3e963aaa484f97de59780e0a82906f34b37a05c2dfb43440972b8cc63cdb50cbc6638d749e27e6284d0549b7194ae6944023000a9ad302a765bb1cb5714f
SSDEEP: 24576:eRohq+QEOoh6EFE4MdXyMQQd6uzfCycIOag8:05+9DF/0Thd6u7WI
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_0bf948a05116ea7c96990aad936e5b3a.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_0bf948a05116ea7c96990aad936e5b3a.exe
  Resource: win11-20250502-en
Malware Config
Targets
Target: JaffaCakes118_0bf948a05116ea7c96990aad936e5b3a
Size: 1.0MB
MD5: 0bf948a05116ea7c96990aad936e5b3a
SHA1: 37405987519bf3b3cb7e9097559c401b84d349fb
SHA256: 58fe3e319b116b4fd80121eab6f01e3c81855501aad562c5ccafc324d85c5c27
SHA512: 62bd3e963aaa484f97de59780e0a82906f34b37a05c2dfb43440972b8cc63cdb50cbc6638d749e27e6284d0549b7194ae6944023000a9ad302a765bb1cb5714f
SSDEEP: 24576:eRohq+QEOoh6EFE4MdXyMQQd6uzfCycIOag8:05+9DF/0Thd6u7WI
Signatures
Renames multiple (152) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (5)
    Credentials In Files (4)
    Credentials in Registry (1)