General
Target: 045786107260b79f118f73ad58f68bc4_JaffaCakes118
Size: 25.5MB
Sample: 240428-eqdd4agb3w
MD5: 045786107260b79f118f73ad58f68bc4
SHA1: ed93910aa6872d69df361d90b5baa0a6405f900c
SHA256: 262637f0d632fb2cbb247377a1fbbdeb5fa94f2708155efb3ed9dcd060510cca
SHA512: 7fb9c7f4d4cde73daa3faa55a61973a41f8eb685b0090de523039e111c35b192f78d08562d101702f9cce86c2d6e228c959ed189d381fef001b63e856a61bae8
SSDEEP: 393216:dFgRav6cD534K8vhdFgRav6cD534K8vh:zv6cDqKChzv6cDqKCh
Behavioral task: behavioral1
Sample: 045786107260b79f118f73ad58f68bc4_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 045786107260b79f118f73ad58f68bc4_JaffaCakes118
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)