General
- Target: bc4d2fd23a3ca94216443cea23381b54_JaffaCakes118
- Size: 816KB
- Sample: 240618-q8q9fswfqc
- MD5: bc4d2fd23a3ca94216443cea23381b54
- SHA1: 7f3c793c3c6414d223f5ce7d5090bb9dc2dcd709
- SHA256: 34e6ca7fcd9b02405980bd6a92e20b8f972b0988e90576135c4ce12216f12f7e
- SHA512: 4f7ede4877feccbeb063cf7a2c9bcfe5c9e31f0336800f92c42259153724682599d466aa7500f344c6c370e3b300b3dc3ee4212f00b655bddc2a79fbafe0d5e9
- SSDEEP: 12288:6crq243ICNz1TJ987E77JALCkUBmke6dfDKT2UD4w3E1/JoV0TCV+Z:6e4d1q7o7Bkz3NDSpyG6+Z
Static task: static1
Behavioral task: behavioral1
- Sample: bc4d2fd23a3ca94216443cea23381b54_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: bc4d2fd23a3ca94216443cea23381b54_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
Malware Config
Extracted: gozi
- 1000
- purbs.com
- makarcheck.com
- exe_type: worker
- server_id: 12
Targets
- Target: bc4d2fd23a3ca94216443cea23381b54_JaffaCakes118
- Size: 816KB
- MD5: bc4d2fd23a3ca94216443cea23381b54
- SHA1: 7f3c793c3c6414d223f5ce7d5090bb9dc2dcd709
- SHA256: 34e6ca7fcd9b02405980bd6a92e20b8f972b0988e90576135c4ce12216f12f7e
- SHA512: 4f7ede4877feccbeb063cf7a2c9bcfe5c9e31f0336800f92c42259153724682599d466aa7500f344c6c370e3b300b3dc3ee4212f00b655bddc2a79fbafe0d5e9
- SSDEEP: 12288:6crq243ICNz1TJ987E77JALCkUBmke6dfDKT2UD4w3E1/JoV0TCV+Z:6e4d1q7o7Bkz3NDSpyG6+Z
Score: 10/10
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Active Setup (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Active Setup (1)