General
-
Target
1ab71541ca9a32e1bf68f0cfea8e1f7b_JaffaCakes118
-
Size
644KB
-
Sample
240701-k4tacswfkr
-
MD5
1ab71541ca9a32e1bf68f0cfea8e1f7b
-
SHA1
1b5615f4b20349b2939725fba10430540dc3c13d
-
SHA256
d24cd201b59ae8b4b5d3e91e5283c2fb09e8a1659812d8eb04e227061473e476
-
SHA512
3e7bd03b8deecf315a180f873d0486e7415fcb52e03f52f5eb8e33753bc6bedbd559db3f6bb9ca3b09ac3b1efea776eb46dd96e43eab2fd74ef2ba3e3b844651
-
SSDEEP
12288:YvFZvSduvBf6l2uoQceGlfziC8lQsIaz/Wc9Gojl3vtMK6:y3v1Bf6Yu36lfuCDaqc9Gojl3Fl
Static task
static1
Behavioral task
behavioral1
Sample
1ab71541ca9a32e1bf68f0cfea8e1f7b_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
amadey
2.11
109c93
http://csgoprofind.net
-
install_dir
de9b658861
-
install_file
rween.exe
-
strings_key
720b92c5e32946a09a188fd6d18f00e2
-
url_paths
/gWmR5f2W/index.php
Targets
-
-
Target
1ab71541ca9a32e1bf68f0cfea8e1f7b_JaffaCakes118
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-