General
Target: 029d754540b44c89ee0b89b3968eb11c_JaffaCakes118
Size: 8.3MB
Sample: 240427-g2we6ach37
MD5: 029d754540b44c89ee0b89b3968eb11c
SHA1: 83f302da1efdd29d5e7e52338b2fdcb04ba2c8e8
SHA256: 8edba9ceec24a3471f3ed9bc14830de4e9c31b574ae712014b8145e2700885ff
SHA512: ef2e8afcaa63ff145a36969b9d0dca601d470354abbf4454ec89150d143dcf7672135c8c13d03cda26aafd832b060b9de19c3dd3b4edfda41394b7b900fed4bf
SSDEEP: 98304:zv3apmo1Y4+6Y7SOEfX/SbgRlmH5nBnEQWoYIsaOyk3xaIYOXwnS4rVKqGn89V4G:Ta9+6Y7SOEibgRYBTYSOyCyIP

Behavioral task
behavioral1
Sample: 029d754540b44c89ee0b89b3968eb11c_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Targets
Target: 029d754540b44c89ee0b89b3968eb11c_JaffaCakes118 (8.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry (Image File Execution Options, IFEO)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
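The registry-related signatures above (an Image File Execution Options change, a Run key, a dropped executable) are the artifacts a responder would look for on a host that ran this sample. The following Python is an added example and is not part of the sandbox report or of the sample's own behaviour: it parses a `.reg` export in the layout that `reg export` writes, flags any IFEO subkey carrying a Debugger value (the image-hijack form of an IFEO write), and flags any Run/RunOnce entry whose program lives in a user-writable directory. The registry dump embedded in it is constructed for illustration; the key names, value names and paths in it (svchosts.exe, Updater, updater.exe) are made up and are not indicators taken from this report.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout `reg export` produces. Every path, value name
# and key below is made up for illustration; none is an IOC from the report above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Windows\\System32\\svchosts.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
"GlobalFlag"=dword:00000200

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"""

IFEO_MARKER = "\\image file execution options\\"
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Directories an unprivileged user can write to; a Run entry pointing here is
# the classic "dropped EXE + Run key" persistence pattern.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def _unescape_reg_string(data: str) -> str:
    """Strip the quotes around a REG_SZ literal and undo the \\ and \" escapes."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        data = data[1:-1]
    return re.sub(r'\\(.)', r'\1', data)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: data}}.

    String data is unescaped; other types (dword:, hex:) are kept verbatim.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if data.startswith('"'):
                data = _unescape_reg_string(data)
            keys[current][m.group("name")] = data
    return keys


def executable_from_command(command: str) -> str:
    """Return the program path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def find_persistence(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (finding_type, subject, data) tuples for IFEO Debugger hijacks and
    Run/RunOnce entries that launch a program from a user-writable directory."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in keys.items():
        lower_key = key.lower()
        if IFEO_MARKER in lower_key:
            # The last path component is the image name being hijacked.
            target = key.rsplit("\\", 1)[-1]
            if "Debugger" in values:
                findings.append(("ifeo_debugger", target, values["Debugger"]))
        elif lower_key.endswith(RUN_KEY_SUFFIXES):
            for name, command in values.items():
                exe = executable_from_command(command).lower()
                if any(marker in exe for marker in USER_WRITABLE_MARKERS):
                    findings.append(("run_key_user_writable", name, command))
    return findings


if __name__ == "__main__":
    for finding in find_persistence(parse_reg(SAMPLE_REG)):
        print(finding)
```

Run against the constructed dump it reports two findings: the Debugger value under the notepad.exe IFEO key and the Updater Run entry pointing into AppData. The chrome.exe IFEO key is deliberately left unflagged: GlobalFlag is a legitimate debugging setting, which is why a generic "sets file execution options" signature like the one above is weaker evidence than a Debugger value, and why the OneDrive entry under Program Files passes the user-writable check.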
MITRE ATT&CK Matrix (ATT&CK v13)
Tactic: Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 2