General
Target: 1dcad7c8f56207b2c423353f0c328755_JaffaCakes118
Size: 452KB
Sample: 240702-22vh3svbkg
MD5: 1dcad7c8f56207b2c423353f0c328755
SHA1: d7e3924ca83e1a2355f3f1e2816dfd417892afc2
SHA256: 4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38
SHA512: af0deb1fd5cbbf2a925143d87b9d3acb7feec6735ec13d6d7be812af9268419d02080318ed1f48a4ad8f301c8f8f82496426abe2698c7dba3bff6fe248afc285
SSDEEP: 6144:7btQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:7mmCVRtPvq2+d/
Behavioral task: behavioral1
Sample: 1dcad7c8f56207b2c423353f0c328755_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1dcad7c8f56207b2c423353f0c328755_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted: gozi
Targets
Target: 1dcad7c8f56207b2c423353f0c328755_JaffaCakes118
Score: 8/10
Server Software Component: Terminal Services DLL
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory