General
Target: f093f75b0c4fb499e79407a6f1e0677b_JaffaCakes118
Size: 1.1MB
Sample: 240415-jb1nasca4t
MD5: f093f75b0c4fb499e79407a6f1e0677b
SHA1: 4c49a59b3723aef75f7dbb1270151112cc844c7e
SHA256: 7c313a9892feb0bd975f6d8c1fe9ea0447adbf738c88353236079693046bb4d8
SHA512: 5034c1fab191f226aaa82f3f44b31d34f078c7aee2027f70a02cf6acb6db239311df60deacf19c1b798a658e4fdf775b4bbd67b0ba813357dc49f8247b7a1a68
SSDEEP: 12288:A5fQl3fYNmFm4ODd6spRXLh2pBHMP4KSt9043Q5yzYtS5Ur8bmFzujLRI4LZJZjE:DvYRRLpNAttTXgVan
Static task: static1
Behavioral task: behavioral1
  Sample: f093f75b0c4fb499e79407a6f1e0677b_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f093f75b0c4fb499e79407a6f1e0677b_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext