General
-
Target
f87f80ac20692d98173fa85cff1d53d4_JaffaCakes118
-
Size
47KB
-
Sample
240418-wr668sba66
-
MD5
f87f80ac20692d98173fa85cff1d53d4
-
SHA1
d9b54a5cd4459f8624fd9ec3bd868ef0e7028741
-
SHA256
939a78eb46838db8dedfb5a5fae5619cb7462093c12e9cb21e7f571d5e21dec0
-
SHA512
143942407b35cbe63fef9c5392d98626747363e5c716cf6cfe04bcf9fb782c7d4de3ede985da5fa9b3b46f360739edf7a8b6f07b5098476de31a9cf464b53113
-
SSDEEP
768:aCbz5H3N6XTeWgGfBy2XrrLg9liGqv4lyPhSfXwfiAhIBbFVMn11xYvsft9L/x43:aizJN6XTtg+ByJjTNyPhSPwfi8mVMn1K
Static task
static1
Behavioral task
behavioral1
Sample
f87f80ac20692d98173fa85cff1d53d4_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f87f80ac20692d98173fa85cff1d53d4_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f87f80ac20692d98173fa85cff1d53d4_JaffaCakes118
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-