General
Target: 02f24afdc3235a293c1dff7df9830052_JaffaCakes118
Size: 3.7MB
Sample: 240427-lh9wnagd41
MD5: 02f24afdc3235a293c1dff7df9830052
SHA1: ad437e54a1797a92dc08811595ddabb610b73837
SHA256: e1a97322253305683801ce5038c6d7b620708488d3dd4ff23cb781605b5bd39c
SHA512: 01312fb2489229143b211b887053548de279d6bb73affcade5a3ea0d6b8fa091d6ae2a28eba27ae85c78c6ad780acec9160702974d2d28e0199e8dd8a6f08941
SSDEEP: 98304:dvfapmo1Y4+6Y7SOEfX/SbgRJL/aSlq77GBfWyt77GBfW:da9+6Y7SOEibgRaGBfWoGBfW
Behavioral task: behavioral1
Sample: 02f24afdc3235a293c1dff7df9830052_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 02f24afdc3235a293c1dff7df9830052_JaffaCakes118 (3.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry (a write under the Image File Execution Options key, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options)
- Checks computer location settings: looks up the country code configured in the registry (the Geo\Nation value under Control Panel\International), likely a geofence check.
- Executes dropped EXE (a file written by the sample during the run is later launched as a process)
- Adds Run key to start application (a value under Software\Microsoft\Windows\CurrentVersion\Run for persistence at logon)
- Drops file in System32 directory
-
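To make the signature names above concrete, here is an added example (not part of the sandbox report or its tooling) that replays a constructed, Sysmon-style event trace through the five behaviour signatures the report lists. The trace format (seq|kind|path), the specific registry and file paths in the sample lines, and the assumption that every event in the trace was produced by the sample's own process tree are assumptions for the example, not facts taken from the report.

```python
"""
Added example: match a constructed event trace against the behaviour
signatures named in this report. Not code from the sandbox; the log format,
the sample paths and the single-process-tree assumption are the example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Signature names exactly as they appear in the report.
RUN_KEY = "Adds Run key to start application"
IFEO = "Sets file execution options in registry"
GEO = "Checks computer location settings"
SYSTEM32_DROP = "Drops file in System32 directory"
DROPPED_EXEC = "Executes dropped EXE"

# Registry / file locations each signature keys on (standard Windows paths).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
IFEO_RE = re.compile(r"\\Windows NT\\CurrentVersion\\Image File Execution Options\\", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


@dataclass
class Event:
    seq: int    # position of the event in the trace
    kind: str   # RegSetValue | RegQueryValue | FileCreate | ProcessCreate
    path: str   # registry value path, file path, or process image path


def parse_events(text: str) -> List[Event]:
    """Parse 'seq|kind|path' lines (assumed format); backslashes are kept verbatim."""
    events = []
    for line in text.strip().splitlines():
        seq, kind, path = line.split("|", 2)
        events.append(Event(int(seq), kind.strip(), path.strip()))
    return events


def match_signatures(events: List[Event]) -> Dict[str, List[int]]:
    """Return {signature name: [seq numbers of the events that fired it]}."""
    hits: Dict[str, List[int]] = {}
    dropped: Set[str] = set()  # files the sample wrote, for the exec correlation

    def fire(name: str, ev: Event) -> None:
        hits.setdefault(name, []).append(ev.seq)

    # Order matters: "Executes dropped EXE" only fires for a file created earlier.
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.kind == "RegSetValue":
            if RUN_KEY_RE.search(ev.path):
                fire(RUN_KEY, ev)
            if IFEO_RE.search(ev.path):
                fire(IFEO, ev)
        elif ev.kind == "RegQueryValue":
            if GEO_NATION_RE.search(ev.path):
                fire(GEO, ev)
        elif ev.kind == "FileCreate":
            dropped.add(ev.path.lower())
            if SYSTEM32_RE.match(ev.path):
                fire(SYSTEM32_DROP, ev)
        elif ev.kind == "ProcessCreate":
            image = ev.path.lower()
            if image in dropped and image.endswith(".exe"):
                fire(DROPPED_EXEC, ev)
    return hits


# Constructed sample trace for the example; these are NOT events from the report.
# Events 7 and 8 are deliberate non-matches (cmd.exe was not dropped by the
# sample; SysWOW64 is not System32).
SAMPLE_LOG = r"""
1|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
2|FileCreate|C:\Windows\System32\drivers\etc\hosts
3|FileCreate|C:\Users\Public\dropped.exe
4|RegSetValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger
5|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped
6|ProcessCreate|C:\Users\Public\dropped.exe
7|ProcessCreate|C:\Windows\System32\cmd.exe
8|FileCreate|C:\Windows\SysWOW64\helper.dll
"""


def analyse(text: str = SAMPLE_LOG) -> Dict[str, List[int]]:
    """Parse a trace and return the signatures it triggers."""
    return match_signatures(parse_events(text))


if __name__ == "__main__":
    for name, seqs in analyse().items():
        print(f"{name}: events {seqs}")
```

The correlation in `match_signatures` is the point: a Run-key write or an IFEO write is a single-event match, but "Executes dropped EXE" needs state carried across events (the set of paths the sample wrote), and a process launch of a pre-existing binary such as cmd.exe must not count.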
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1) [T1548.002]
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2) [T1547.001]