General
- Target: 0163c8a75b3df85a24517f510318e98b_JaffaCakes118
- Size: 17.7MB
- Sample: 240426-w3yz1aad51
- MD5: 0163c8a75b3df85a24517f510318e98b
- SHA1: 3c0d88ecfddd1266d2e90ac4a8e22c61bd6bf284
- SHA256: d5502fc405ea55845a834acdbd2a31be194203509424f0e6f0908aef0b289478
- SHA512: 5bffc735177fae231276e3f4ea8e5c1e1b6bd4bd0414f1de7f52b105652a9035c4f90c35b2842f9a3b3a96f24cefe4ccac0361fe07a740c19ea96f2d699937de
- SSDEEP: 196608:Ta9+6Y7SOEibgRpJhZPzmGP8o0ZPzmGP8Aa9+6Y7SOEibgRpJhZPzmGP8o0ZPzm1:TFgROGRGxFgROGRGy
Behavioral task: behavioral1
- Sample: 0163c8a75b3df85a24517f510318e98b_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 0163c8a75b3df85a24517f510318e98b_JaffaCakes118 (size and hashes as listed under General above)
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)