General
-
Target
edf2b27feef650adc22bbaa3a79b5add_JaffaCakes118
-
Size
2.6MB
-
Sample
240411-vvdhnabd7w
-
MD5
edf2b27feef650adc22bbaa3a79b5add
-
SHA1
a88880a6cc945e525caeb8cfbc9e842608a484d5
-
SHA256
6a1cb64eabc252644931b8d95a86b5625ea0d5610791ed4fae2e8041a79e615e
-
SHA512
5292e11c77bd2bcccc58acb578298c941dcc48bee44abb18d7198d156b818d97e8b4a5210aef68aa870ffe3098c8eeb0e9d52bde9a53f050292529d0d1c3d377
-
SSDEEP
49152:tU/5M1X4Wl/YvzYCQR9RQs+C40yZpJaD99G2:tKq4oEa9RQs+Cn4/UK2
Behavioral task
behavioral1
Sample
edf2b27feef650adc22bbaa3a79b5add_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
edf2b27feef650adc22bbaa3a79b5add_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
edf2b27feef650adc22bbaa3a79b5add_JaffaCakes118
-
Size
2.6MB
-
MD5
edf2b27feef650adc22bbaa3a79b5add
-
SHA1
a88880a6cc945e525caeb8cfbc9e842608a484d5
-
SHA256
6a1cb64eabc252644931b8d95a86b5625ea0d5610791ed4fae2e8041a79e615e
-
SHA512
5292e11c77bd2bcccc58acb578298c941dcc48bee44abb18d7198d156b818d97e8b4a5210aef68aa870ffe3098c8eeb0e9d52bde9a53f050292529d0d1c3d377
-
SSDEEP
49152:tU/5M1X4Wl/YvzYCQR9RQs+C40yZpJaD99G2:tKq4oEa9RQs+Cn4/UK2
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1