General
Target: 844f06bac4af7cf641f6b29b57154307_JaffaCakes118
Size: 5.2MB
Sample: 240530-qp5mqsbc53
MD5: 844f06bac4af7cf641f6b29b57154307
SHA1: 8f8b31dfc843bf2976b34b8e7c560b3c4ffa6940
SHA256: b03446623117a832bca96b105eb041ebde06285ed1dc5c021e83c3fa59a48e51
SHA512: 85c709cc28906d8147b435c87033eb6c1a3710d60e0b5f821bc3ef570a5727fbedb025258fd830930f869fbe36945d208a5a7690788074aa0a7400779eeddf1a
SSDEEP: 98304:dvfapmo1Y4+6Y7SOEfX/SbgR6G5DKmxJWIfzjTpC5VPK+JL:da9+6Y7SOEibgR/GyzPpCLi+
Behavioral task: behavioral1
Sample: 844f06bac4af7cf641f6b29b57154307_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Targets
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)