General
Target: 1a8c526fef68c1289cd41addf512d9d8_JaffaCakes118
Size: 107KB
Sample: 240701-j2pnqa1and
MD5: 1a8c526fef68c1289cd41addf512d9d8
SHA1: 69f8ce5e596deefa1046042b7e75ffbb510bb4bd
SHA256: f2416b31c7a3b9671b5a90fea79c0c0830f5c7bf8735f0ff7af250214bf18192
SHA512: d88c19848b58ce9ade01ab89d6fbee4cfa23698dc00832d34dba7950009710c936aae9d935f75042f4b74ae3bff649b84a3272ccdc4c6d8f1a733104f8c1a63b
SSDEEP: 1536:Pm8RjUcxYb9qlkommTck3TXC0crM1D+gV8g8p/yNfxoUwoGR9Hql:e8+PA3mmTcuS0crM1TNNfrwn
Static task: static1
Behavioral task: behavioral1
  Sample: 1a8c526fef68c1289cd41addf512d9d8_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1a8c526fef68c1289cd41addf512d9d8_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
gozi
Targets
Target: 1a8c526fef68c1289cd41addf512d9d8_JaffaCakes118
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Sets desktop wallpaper using registry