General
-
Target
695b90b4aa3f979981153fed0d682528_JaffaCakes118
-
Size
620KB
-
Sample
240523-cbmm4shd91
-
MD5
695b90b4aa3f979981153fed0d682528
-
SHA1
773ab8e2be7cec065f40dfe57c3964878349399e
-
SHA256
e668dd735809a2a08efeda2c037952ebd63b53a82648a9a059b06ba156e914a3
-
SHA512
e9c7a055f1f2f1a18b354b32fc007b0dc9e28b9212e9fb3667d3fc148167da7d664f611c08ad167c4c79d15c6e447a8ff26ea9833804358c4b26342ebae7980e
-
SSDEEP
6144:hVX/Wjw41C4GVx7sADJ2gB701zM4+TeoA+PK5yAyi2/cwRWl2qtmSSSA58FNjmeQ:WRCxx4EJ2gB4bQegx/cSUlTBvxJx9l
Static task
static1
Behavioral task
behavioral1
Sample
695b90b4aa3f979981153fed0d682528_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
695b90b4aa3f979981153fed0d682528_JaffaCakes118
-
Size
620KB
-
MD5
695b90b4aa3f979981153fed0d682528
-
SHA1
773ab8e2be7cec065f40dfe57c3964878349399e
-
SHA256
e668dd735809a2a08efeda2c037952ebd63b53a82648a9a059b06ba156e914a3
-
SHA512
e9c7a055f1f2f1a18b354b32fc007b0dc9e28b9212e9fb3667d3fc148167da7d664f611c08ad167c4c79d15c6e447a8ff26ea9833804358c4b26342ebae7980e
-
SSDEEP
6144:hVX/Wjw41C4GVx7sADJ2gB701zM4+TeoA+PK5yAyi2/cwRWl2qtmSSSA58FNjmeQ:WRCxx4EJ2gB4bQegx/cSUlTBvxJx9l
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1