General
Target: 0c2b04e4091af239fb80d7b2aab6f0c9_JaffaCakes118
Size: 107KB
Sample: 240621-rjnmpstanh
MD5: 0c2b04e4091af239fb80d7b2aab6f0c9
SHA1: dc52874aacf3be3b463cac375bd471e13ff260ed
SHA256: 042d17bec0bdc75cdb620ba62bc72140c9486c9c1eeb35edec24972498c5dc45
SHA512: 1a9762d4703e23e6f31bb4b163197470c7cb308ea7b16b77a0fd58563a796d8d099c2f0d294fe396ddf3be1213e6df60add4f78a25cd5ec73aea0597f4144918
SSDEEP: 3072:HRO6Hu0ILzqLrMTWeZvTE1yWZf/QsMwf:HRNHu0mqLrLexWx/J
Static task: static1
Behavioral task: behavioral1
  Sample: 0c2b04e4091af239fb80d7b2aab6f0c9_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 0c2b04e4091af239fb80d7b2aab6f0c9_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: gozi
Targets
Target: 0c2b04e4091af239fb80d7b2aab6f0c9_JaffaCakes118
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Sets desktop wallpaper using registry