General
-
Target
20582340f93fdefaaeb114ffd7f659e2_JaffaCakes118
-
Size
351KB
-
Sample
240702-3yhwjs1arn
-
MD5
20582340f93fdefaaeb114ffd7f659e2
-
SHA1
2b298bc579a805f020d0f8c2a4ec8dafada61417
-
SHA256
e37938245442bf4c1114da250f93cb5cc2fea5c35e50883b819f3c8afc4ab363
-
SHA512
31bd2f9061d6026f9cd8ada6f57e07a4c1c4db7ee7ff9bb279cd6659b848f23917e264cf65af31fb3ce5f592a2a6358b931341d0e660f9f82c525379834bbb5d
-
SSDEEP
6144:kOzzBxDMAYloj1/L8YEAQwgG5hOm3Y/eUObRPlV:VvBxDMAzjN4YEAFMmo/AbRP
Static task
static1
Behavioral task
behavioral1
Sample
20582340f93fdefaaeb114ffd7f659e2_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
20582340f93fdefaaeb114ffd7f659e2_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
20582340f93fdefaaeb114ffd7f659e2_JaffaCakes118
-
Size
351KB
-
MD5
20582340f93fdefaaeb114ffd7f659e2
-
SHA1
2b298bc579a805f020d0f8c2a4ec8dafada61417
-
SHA256
e37938245442bf4c1114da250f93cb5cc2fea5c35e50883b819f3c8afc4ab363
-
SHA512
31bd2f9061d6026f9cd8ada6f57e07a4c1c4db7ee7ff9bb279cd6659b848f23917e264cf65af31fb3ce5f592a2a6358b931341d0e660f9f82c525379834bbb5d
-
SSDEEP
6144:kOzzBxDMAYloj1/L8YEAQwgG5hOm3Y/eUObRPlV:VvBxDMAzjN4YEAFMmo/AbRP
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1