General
Target: 05e66b7cde6c4929122e8042cc3093b6_JaffaCakes118
Size: 16.1MB
Sample: 240428-x3z3qsfa57
MD5: 05e66b7cde6c4929122e8042cc3093b6
SHA1: acefb24a5630f8657056c729758b69ffdde287b3
SHA256: 526bd0f29e71cb485c51b0f40ed36667e8f341ec4191cd680c39fd4a59ce3635
SHA512: 61d676d6555c2b1557872c7b6fda474f8f8f85d558d4760c53a97bebc95f7fec01b3e6bee2340c6c8aa7500fd09d05dc44ba2dc571e318fddb35d0da671a7bda
SSDEEP: 393216:dFgR5WrWeWcKZWeW8W7FgR5WrWeWcKZWeW8WuQf:PKiK4
Behavioral task: behavioral1
Sample: 05e66b7cde6c4929122e8042cc3093b6_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Targets
Target: 05e66b7cde6c4929122e8042cc3093b6_JaffaCakes118 (16.1MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General above)
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry (writes under the Image File Execution Options key)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
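The signature list above is the sandbox's summary of what the sample touched; the script below replays a constructed API trace and re-derives the same five behavioural signatures from raw events, so the registry locations behind each name are explicit. This is an added example, not the sandbox's own signature code: the event schema (op / path / value / data) and the SAMPLE_EVENTS trace are assumptions constructed for the example, and the dropped-file name update_svc.exe is made up. The registry paths are the real locations the signature names refer to (HKCU\Control Panel\International\Geo\Nation for the country code, the Image File Execution Options key, and CurrentVersion\Run). Of the ATT&CK IDs, T1547.001 is the one the report's matrix lists; T1546.012 (IFEO injection) and T1614 (system location discovery) are my mapping, and the remaining two signatures are left unmapped because the page gives none.

```python
"""Replay a sandbox API trace against the behaviour signatures in the report.

Added example, not the sandbox's own code. The event schema and the trace
below are assumptions constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample trace (assumed schema). The registry keys are real
# locations; the dropped-file name is invented for the example.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "RegQueryValue", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "value": "ProductName"},
    {"op": "FileWrite", "path": r"C:\Windows\System32\update_svc.exe"},
    {"op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe",
     "value": "Debugger", "data": r"C:\Windows\System32\update_svc.exe"},
    {"op": "RegSetValue", "path": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Windows\System32\update_svc.exe"},
    {"op": "ProcessCreate", "path": r"C:\Windows\System32\cmd.exe"},
    {"op": "ProcessCreate", "path": r"C:\Windows\System32\update_svc.exe"},
]

# Key patterns behind each signature. The registry is case-insensitive, so
# every pattern is too.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
IFEO_KEY = re.compile(r"\\Image File Execution Options\\[^\\]+$", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
SYSTEM32_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


@dataclass(frozen=True)
class Hit:
    signature: str            # name as it appears in the report's signature list
    attack_id: Optional[str]  # ATT&CK technique where one is known (see lead-in)
    evidence: str


def triage(events):
    """Return one Hit per matching event, in trace order."""
    hits = []
    dropped = set()  # paths written during the run, lower-cased for matching
    for ev in events:
        op, path = ev["op"], ev.get("path", "")
        value, data = ev.get("value", ""), ev.get("data", "")
        if op == "RegQueryValue" and GEO_KEY.search(path) and value.lower() == "nation":
            # Reading the configured country code is the geofence indicator.
            hits.append(Hit("Checks computer location settings", "T1614", f"{path}\\{value}"))
        elif op == "RegSetValue" and IFEO_KEY.search(path):
            # A Debugger value here makes Windows launch `data` instead of the named program.
            hits.append(Hit("Sets file execution options in registry", "T1546.012",
                            f"{path} [{value}={data}]"))
        elif op == "RegSetValue" and RUN_KEY.search(path):
            hits.append(Hit("Adds Run key to start application", "T1547.001",
                            f"{path} [{value}={data}]"))
        elif op == "FileWrite":
            dropped.add(path.lower())
            if SYSTEM32_DIR.match(path):
                hits.append(Hit("Drops file in System32 directory", None, path))
        elif op == "ProcessCreate" and path.lower() in dropped:
            # Only fires for binaries the sample itself wrote earlier in the trace.
            hits.append(Hit("Executes dropped EXE", None, path))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit.signature:45} {hit.attack_id or '-':10} {hit.evidence}")
```

The "Executes dropped EXE" rule is stateful on purpose: it keys on the FileWrite events seen earlier in the same trace rather than on the path alone, so a process start of a pre-existing binary such as cmd.exe does not fire it. The regexes approximate what the sandbox's signature names imply; the sandbox's own matching logic is not published on this page.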
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation:
- Abuse Elevation Control Mechanism (T1548), 1 hit: Bypass User Account Control (T1548.002), 1 hit
- Boot or Logon Autostart Execution (T1547), 2 hits: Registry Run Keys / Startup Folder (T1547.001), 2 hits