General
Target: f9f8e07f3cb29331db336e4db624e1bf_JaffaCakes118
Size: 840KB
Sample: 240419-k26gxaec61
MD5: f9f8e07f3cb29331db336e4db624e1bf
SHA1: c26080643e3435628ce84c769da7445f32224aaf
SHA256: 9d77f30678751ed6417beb09df31a5d5412233b4a1ff7df30e3d200e6cb496a3
SHA512: 3e0e12b1d64128d0615fa8659b89b32123cc6574e7a2ae31d92e45ec9d5f7efe0188035745a1bb674b1f4b4448c7500f3a1f637771190ade941d95c937ec640e
SSDEEP: 24576:94hOQ9PpEj3JApy8LTo7dPEIdKI8OIE9:aP6jJers3L8
Behavioral task: behavioral1
Sample: f9f8e07f3cb29331db336e4db624e1bf_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f9f8e07f3cb29331db336e4db624e1bf_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: http://repoiury.com/inst.php?id=lee_03&lang=ENU
Targets
Target: f9f8e07f3cb29331db336e4db624e1bf_JaffaCakes118
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.