General
Target: 14abcdc70e8241e4d6aff50d87ed12ae_JaffaCakes118
Size: 874KB
Sample: 240627-ez486ssckd
MD5: 14abcdc70e8241e4d6aff50d87ed12ae
SHA1: c80ff4c996dc233529344ba28e5275f34c8b050a
SHA256: 9c438c5bdb0b14d8020665628536fc4e0cadd3eebf29e39bb675802666ab1567
SHA512: 5a18c749c3630fb8cb74985d053540f7bb5cf760a5ca7db8a5a8000d366c9c03b36c341ce21bdcb217049b490c540cfe45fdf225e1b3367ce2015e1cee9c4366
SSDEEP: 12288:rEH+9e0/hHFpS9fa2FzsKZhxiNtazSO5pDt3iWpjuE8NTrfMc0cinVTgtPv939qS:r99e0/Dpmf9t0GzfiWAEciVMtH939xLz
Static task: static1
Behavioral task: behavioral1 (Sample: 14abcdc70e8241e4d6aff50d87ed12ae_JaffaCakes118.exe, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: 14abcdc70e8241e4d6aff50d87ed12ae_JaffaCakes118.exe, Resource: win10v2004-20240508-en)
Malware Config
Targets
Target: 14abcdc70e8241e4d6aff50d87ed12ae_JaffaCakes118 (size and hashes as listed under General above)
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
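The signatures above describe two persistence mechanisms (Winlogon values and Run keys), a registry geofence lookup, and SetThreadContext use, which is the usual marker of process hollowing or thread hijacking. The script below is an added example for checking a suspect host against these indicators; it is not part of the Triage report or of any tool the report references. It assumes the stock Winlogon defaults (Shell = explorer.exe, Userinit = C:\Windows\system32\userinit.exe,) for a standard Windows install, which should be confirmed against a known-good machine, and it uses the report's SHA256 to recognise a Run entry that points at the sample on disk. The geofence value it reads, HKCU\Control Panel\International\Geo\Nation, is the country-code setting this class of check consults; a read leaves no registry artifact, so the script only reports the value so you can judge whether the sample would have run here. Because SetThreadContext points to an injected payload, a Run entry whose file hash does not match the sample is not proof that the host is clean.

```powershell
# Added example, not part of the Triage report. Run in an elevated PowerShell on a suspect host.
$SampleSha256 = '9c438c5bdb0b14d8020665628536fc4e0cadd3eebf29e39bb675802666ab1567'

# Assumed stock defaults for the Winlogon values malware rewrites; verify on a known-good host.
$WinlogonDefaults = @{
    'Shell'    = 'explorer.exe'
    'Userinit' = 'C:\Windows\system32\userinit.exe,'
}

function Get-WinlogonAnomalies {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $item = Get-ItemProperty -Path $p
        foreach ($name in $WinlogonDefaults.Keys) {
            $value = $item.$name
            if ($null -eq $value) { continue }
            # HKCU normally carries no Shell/Userinit at all, so any value there is suspect;
            # in HKLM, anything other than the stock default is suspect.
            if ($p -like 'HKCU:*' -or $value -ne $WinlogonDefaults[$name]) {
                [pscustomobject]@{ Key = $p; Name = $name; Value = $value }
            }
        }
    }
}

function Get-RunKeyEntries {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $key = Get-Item -Path $p
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Key = $p; Name = $name; Command = $key.GetValue($name) }
        }
    }
}

# Pull the executable path out of a Run command line (quoted path, or first token ending in .exe).
function Get-ExePathFromCommand([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $null
}

function Test-SampleHash([string]$path) {
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return $false }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    return $hash -ieq $SampleSha256
}

function Get-GeoNation {
    # The geofence signature is a read of this value; it leaves no persistent artifact.
    (Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -Name Nation -ErrorAction SilentlyContinue).Nation
}

$findings = @(Get-WinlogonAnomalies)
foreach ($entry in Get-RunKeyEntries) {
    $exe = Get-ExePathFromCommand $entry.Command
    if (Test-SampleHash $exe) {
        $findings += [pscustomobject]@{
            Key = $entry.Key; Name = $entry.Name; Value = "$($entry.Command)  (SHA256 matches sample)"
        }
    }
}

if ($findings.Count -eq 0) { 'No Winlogon tampering or Run entry pointing at the sample found.' }
else { $findings | Format-Table -AutoSize }
'Geo\Nation country code the sample would have read: ' + (Get-GeoNation)
```

If a Winlogon value is flagged, restore the stock default only after capturing the current value and the file it points to, since the replacement binary is usually the dropped EXE the report refers to. Run entries that do not match the sample hash still deserve a look: the same family can drop a differently named or repacked file per infection, and the SetThreadContext signature means the malicious code may live only inside a hollowed legitimate process.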