General
-
Target
09bf965f2e6c6182342110ec95cbacdd_JaffaCakes118
-
Size
2.5MB
-
Sample
240624-vkn7eatalb
-
MD5
09bf965f2e6c6182342110ec95cbacdd
-
SHA1
7dcf765c2a4afc9ed14cc19cdb925f9857748213
-
SHA256
d81b25ba955e8ab608e792df5b5ddc3a1c3a3dfc66c8801fa82c456326af597a
-
SHA512
4dec0bcda949aae0409019218690036bec483e340faea4d7c2b8a30218a082c371957ecf193a938acb8ac4e88dec5ebb30c6d61870f218ed979c58837541c018
-
SSDEEP
49152:7pVxXrwHcI9iOe1SfGYo1IiouCpAPcuv3+FwieK6EUhmQudRlS7hChUPH:7RXrw8I9JeaoaioUTv3+FLeKPUhZud7G
Behavioral task
behavioral1
Sample
09bf965f2e6c6182342110ec95cbacdd_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
gozi
Targets
-
-
Target
09bf965f2e6c6182342110ec95cbacdd_JaffaCakes118
-
Size
2.5MB
-
MD5
09bf965f2e6c6182342110ec95cbacdd
-
SHA1
7dcf765c2a4afc9ed14cc19cdb925f9857748213
-
SHA256
d81b25ba955e8ab608e792df5b5ddc3a1c3a3dfc66c8801fa82c456326af597a
-
SHA512
4dec0bcda949aae0409019218690036bec483e340faea4d7c2b8a30218a082c371957ecf193a938acb8ac4e88dec5ebb30c6d61870f218ed979c58837541c018
-
SSDEEP
49152:7pVxXrwHcI9iOe1SfGYo1IiouCpAPcuv3+FwieK6EUhmQudRlS7hChUPH:7RXrw8I9JeaoaioUTv3+FLeKPUhZud7G
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-