General
-
Target
1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118
-
Size
416KB
-
Sample
240702-njg85stfrr
-
MD5
1f26e5f9b44c28b37b6cd13283838366
-
SHA1
272b94c4d1d30dc9478675dd3df4a38029c1113e
-
SHA256
1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f
-
SHA512
3d3d10eb33006de70ffa36a5999b9d6ac2eafdff0a27c313542b34cffdbb8b736b5573ce21bd9778ddd0a825c7a807c64e15bd9d284fa80b316464505267936c
-
SSDEEP
6144:N4IB2aqIOEzOFtXs0ncp2sRAztOf7Yp4jOa9UpU:TBQIsFtXlc4w
Behavioral task
behavioral1
Sample
1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
gozi
Targets
Target
1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118
Score
10/10
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-