General
-
Target
03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118
-
Size
492KB
-
Sample
240622-1bqa1avcna
-
MD5
03e8d330abc77a6a9d635d2e7c0e213a
-
SHA1
f4215465ea2368922d8f47357ced112e10b2c6d9
-
SHA256
6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470
-
SHA512
58aa3c017d3e5202b6a0f3f3040ba265e62f5ec5fbaab3330583ad71d88aceefab94cd87e7abcf9c936c01316b0750b5ba629df1e0b5504dd006261ea0bc4314
-
SSDEEP
6144:l2FtkbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9Upm:l2FtkmmCVRtPvq2+d/
Behavioral task
behavioral1
Sample
03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
gozi
Targets
-
-
Target
03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118
-
Score
8/10
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-