General
Target: 04fe0421c613a5769dcb79c278e416fd_JaffaCakes118
Size: 20.5MB
Sample: 240428-mlfyesea5z
MD5: 04fe0421c613a5769dcb79c278e416fd
SHA1: 261b98539b4cb6e0cd5e4e1af740e736159dadfc
SHA256: 2785534bcddf14cb1ecb061d6f89ba096acc0fbc6420cf7c1ab94e4d7e56cfd4
SHA512: 604a81e79d75437e65514943748e19b6ea7e971adf3a44c8fe1051fcd160143401ed523719c8f45de7e510be411513e455a68f5253c4abfa4efbd0bcfc34cc69
SSDEEP: 196608:da9+6Y7SOEibgRavvghmI3HoGgnbkPa9+6Y7SOEibgRavvghmI3HoGgnbk:dFgRav6myIGTFgRav6myIG
Behavioral task: behavioral1
Sample: 04fe0421c613a5769dcb79c278e416fd_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Targets
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)