General
- Target: 05af8059269d76cb7f5929bd03953749_JaffaCakes118
- Size: 18.6MB
- Sample: 240428-vsp4nscf32
- MD5: 05af8059269d76cb7f5929bd03953749
- SHA1: a614ff5395c53a8cf0fdee31dd6fcc32277faae3
- SHA256: 92f91b9e78c49bd39cc7a446f4d63dec275d34da99d2d5ed742a069be41ce77b
- SHA512: 5e6470d76ed3575b446e84b4a8734a9d0e92fe4bc98266ce06861464379071f094e3974ef259f9fc580f78f8286f220ac3201436ceae444765391bda8013fdb1
- SSDEEP: 393216:TFgRsWeW0QfSWgyzPpeSKfFgRsWeW0QfSWgyzPpeSKS2:o0yTjKU0yTjKB
Behavioral task: behavioral1
- Sample: 05af8059269d76cb7f5929bd03953749_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
  - Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)