General
Target: 0280f829e17c59dfa421ea5cbebaa6d8_JaffaCakes118
Size: 26.6MB
Sample: 240427-fw3rlsbg84
MD5: 0280f829e17c59dfa421ea5cbebaa6d8
SHA1: 50642f6abc70a42b0770bc2a49fcb34daa0b63e5
SHA256: dfad96046571147178942c40cfb4912a9049238418d77b8008950ae012b2336e
SHA512: 5a08389c0bbcaab2cf66b4c883e39b1de2d172b8ed35c52dd12686161192fb57155840099bafb4c36016d687d6394948ff231e32c7391a09f9f49f24362fcbe5
SSDEEP: 393216:dFgRav6WyzPpeOGhu4hpFgRav6WyzPpeOGhu4hq1A16:zv6WyTr4hHv6WyTr4hE
Behavioral task: behavioral1
Sample: 0280f829e17c59dfa421ea5cbebaa6d8_JaffaCakes118.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: 0280f829e17c59dfa421ea5cbebaa6d8_JaffaCakes118 (size and hashes as listed under General above)
Signatures
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry (writes under the Image File Execution Options key; a Debugger value there causes the named binary to be launched whenever the target executable starts)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
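Three of the signatures above are registry artefacts a responder can hunt for on a suspected host: the IFEO write, the Run-key persistence and the Geo\Nation lookup the geofence depends on. The script below is an added example and is not part of the sandbox report or the sample; it runs the checks over a constructed text snapshot (one `key\value = data` line per entry, all paths and values invented for illustration) so it executes offline, and the same functions apply unchanged to entries pulled from a live hive or a converted `reg export`. The `system32_baseline` set is an assumed list of Run-key images known to be legitimate on a clean reference image; it is how the "Drops file in System32" case is separated from benign Microsoft autostarts.

```python
"""Registry triage for the behaviours in the sandbox signatures: IFEO debugger
hijacks, Run/RunOnce persistence and the configured GeoID. Added example, not
code from the report; the snapshot and baseline below are constructed."""
import re
from dataclasses import dataclass

# Constructed snapshot (not taken from the report): "key\valuename = data" per line.
SNAPSHOT = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = C:\ProgramData\svcupd.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\DisableExceptionChainValidation = 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth = C:\Windows\System32\SecurityHealthSystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\victim\AppData\Roaming\updater.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Miner = C:\Windows\System32\wupdsvc.exe -B
HKCU\Control Panel\International\Geo\Nation = 244
"""

IFEO_PREFIX = (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Image File Execution Options" "\\").lower()
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$")
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation".lower()
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
SYSTEM32 = "\\windows\\system32\\"


@dataclass(frozen=True)
class Entry:
    key: str   # full key path, e.g. HKLM\SOFTWARE\...\Run
    name: str  # value name under that key
    data: str  # value data as text


def parse_snapshot(text):
    """Parse 'key\\name = data' lines; blank or malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or " = " not in line:
            continue
        path, data = line.split(" = ", 1)
        key, _, name = path.rpartition("\\")
        entries.append(Entry(key, name, data))
    return entries


def find_ifeo_debuggers(entries):
    """Return (target_exe, debugger) for every Debugger value under IFEO.
    Other IFEO values (e.g. mitigation flags) are legitimate and ignored."""
    hits = []
    for e in entries:
        if e.key.lower().startswith(IFEO_PREFIX) and e.name.lower() == "debugger":
            hits.append((e.key[len(IFEO_PREFIX):], e.data))
    return hits


def _image_path(command):
    """First token of a Run-key command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def find_suspicious_run_entries(entries, system32_baseline=frozenset()):
    """Return (value_name, image, reason) for Run/RunOnce values whose image sits
    in a user-writable directory, or in System32 under a name missing from the
    clean-image baseline (covers a dropped binary registered for autostart)."""
    hits = []
    for e in entries:
        if not RUN_KEY_RE.search(e.key.lower()):
            continue
        image = _image_path(e.data)
        low = image.lower()
        basename = low.rsplit("\\", 1)[-1]
        if any(d in low for d in USER_WRITABLE):
            hits.append((e.name, image, "user-writable path"))
        elif SYSTEM32 in low and basename not in system32_baseline:
            hits.append((e.name, image, "unbaselined System32 binary"))
    return hits


def configured_geo_nation(entries):
    """GeoID the sample would read for its location check, or None if absent."""
    for e in entries:
        if (e.key + "\\" + e.name).lower() == GEO_KEY:
            return e.data
    return None


def triage(text, system32_baseline=frozenset()):
    entries = parse_snapshot(text)
    return {
        "ifeo_debuggers": find_ifeo_debuggers(entries),
        "run_entries": find_suspicious_run_entries(entries, system32_baseline),
        "geo_nation": configured_geo_nation(entries),
    }


if __name__ == "__main__":
    # Assumed baseline of Run-key images present in System32 on a clean reference image.
    for section, value in triage(SNAPSHOT, frozenset({"securityhealthsystray.exe"})).items():
        print(section, value)
```

On a real host, build the entry list from `winreg` or from the output of `reg export` for the four keys above, and feed the baseline from a golden image of the same Windows build; the user-writable check needs no baseline and is the quickest first pass.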
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)