General
Target: fbfab3f0db5067f3e8aae218d5752c3a_JaffaCakes118
Size: 295KB
Sample: 240420-fmsv2shb46
MD5: fbfab3f0db5067f3e8aae218d5752c3a
SHA1: 4112713473652324d65554aad800fc159c45a4e6
SHA256: 85c2d210b1aecb5743c097ef93941ed5383d11df0a18f8303437906bed8f02e8
SHA512: ab781b73fbb3e8c1ad04a5fbba415a5deebfd7bac391f3ae30c4f7ce078d5ecc083ff7ed39778efe67d6cbc93610c967054f5621ff6c0f8c70f5a1a16117fa5e
SSDEEP: 3072:gyNx+ONJItfWA3VqDO3+YCYkQZOr/V8Z451u/WCWoTrAyA8kzNYQdrsjA7WGpyPb:FNxPYfWA4jYfoL
Static task: static1
Behavioral task: behavioral1
Sample: fbfab3f0db5067f3e8aae218d5752c3a_JaffaCakes118.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: fbfab3f0db5067f3e8aae218d5752c3a_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: fbfab3f0db5067f3e8aae218d5752c3a_JaffaCakes118
Score: 10/10
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)