General

Target: bc1a52dd14485a1614b4c2d47e27977a_JaffaCakes118
Size: 219KB
Sample: 240618-qdr79syfrq
MD5: bc1a52dd14485a1614b4c2d47e27977a
SHA1: c5f0ca340bcd8f738fe5696f08a3ccd257d6c9f3
SHA256: 13e2784eef9815e2087249ef2d4f89f9dfe231d08c16954fc7e086682720a375
SHA512: f4e0b4bd17ddc6be1d2fe3b764f8ced1fbc1a1d5ca1ee9c9935425d6b439b93963216f04a27551b3132aa97263cd17ada32dc8041c8849a0cb8e56202c11caed
SSDEEP: 3072:N/OQ5JYqyid/vBlN7Gfoy825WSLbycYSQS:N2IYqrlGC28Wb0SQS

Static task
static1

Behavioral task
behavioral1
Sample: bc1a52dd14485a1614b4c2d47e27977a_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task
behavioral2
Sample: bc1a52dd14485a1614b4c2d47e27977a_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
None listed.

Targets

Target: bc1a52dd14485a1614b4c2d47e27977a_JaffaCakes118 (219KB)
MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those given under General.
Signatures
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
The number after each entry is the count of signatures mapped to it; technique IDs are added for reference.

Persistence
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 1
  - Netsh Helper DLL (T1546.007): 1

Privilege Escalation
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 1
  - Netsh Helper DLL (T1546.007): 1
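The signatures and the ATT&CK matrix above are both derived from where the sample writes and reads on disk and in the registry. The following script is an added example, not code from the sandbox that produced this report: it takes constructed Procmon-style trace rows (operation, process image, path, detail) and tags each row with the report's signature name and ATT&CK technique. The registry keys and the Startup folder are the real Windows locations behind these signatures; the process images, file names, values and the rows themselves are invented for the example, as are the T1562.004 and T1614 mappings, which the page's matrix (only its Persistence and Privilege Escalation columns are shown) does not list. Signatures that come from API or process events rather than paths (SetThreadContext, executing a dropped EXE, loading a dropped DLL) are outside what this example covers.

```python
"""Triage constructed sandbox trace rows against the behaviours in this report.

Added example, not code from the sandbox that produced this page.  Each row is
a Procmon-style record "operation|image|path|detail".  The registry keys and
the Startup folder are the real Windows locations the report's signatures refer
to; the process images, file names and values are invented for the example.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed trace rows (not taken from the real sample's run).
# 244 in the first row is the Windows GeoID for the United States.
SAMPLE_TRACE = r"""
RegQueryValue|C:\Users\user\Desktop\sample.exe|HKCU\Control Panel\International\Geo\Nation|244
RegSetValue|C:\Users\user\Desktop\sample.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost32|C:\Users\user\AppData\Roaming\svchost32.exe
WriteFile|C:\Users\user\Desktop\sample.exe|C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk|Length: 1,234
RegSetValue|C:\Users\user\Desktop\sample.exe|HKLM\SOFTWARE\Microsoft\NetSh\helper32|C:\Users\user\AppData\Roaming\helper32.dll
RegSetValue|C:\Windows\System32\netsh.exe|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\user\AppData\Roaming\svchost32.exe|C:\Users\user\AppData\Roaming\svchost32.exe:*:Enabled:svchost32
RegSetValue|C:\Users\user\Desktop\sample.exe|HKLM\SYSTEM\CurrentControlSet\Services\UpdSvc\ImagePath|C:\Users\user\AppData\Roaming\svchost32.exe
RegSetValue|C:\Windows\explorer.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx|binary data
"""

# (report signature, ATT&CK technique, operation the signature needs, path pattern).
# First matching rule wins, so the narrow firewall-policy rule sits before the
# generic Services\<name> rule whose prefix it shares.  T1562.004 and T1614 are
# this example's own mapping; the page's matrix does not show those columns.
RULES = [
    ("Checks computer location settings", "T1614", "RegQueryValue",
     re.compile(r"^HK(CU|U\\[^\\]+)\\Control Panel\\International\\Geo\\", re.I)),
    ("Modifies Windows Firewall", "T1562.004", "RegSetValue",
     re.compile(r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\SharedAccess"
                r"\\Parameters\\FirewallPolicy\\", re.I)),
    ("Adds Run key to start application", "T1547.001", "RegSetValue",
     re.compile(r"^HK(LM|CU|U\\[^\\]+)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows"
                r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Drops startup file", "T1547.001", "WriteFile",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)),
    ("Netsh Helper DLL", "T1546.007", "RegSetValue",
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\NetSh\\", re.I)),
    ("Windows Service", "T1543.003", "RegSetValue",
     re.compile(r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+"
                r"\\(ImagePath|Start)$", re.I)),
]


def parse_trace(text: str) -> List[Tuple[str, str, str, str]]:
    """Split 'operation|image|path|detail' rows; blank or malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        rows.append(tuple(parts))
    return rows


def classify(op: str, path: str) -> Optional[Tuple[str, str]]:
    """Return (signature, technique) for the first rule the row satisfies, else None."""
    for signature, technique, wanted_op, pattern in RULES:
        if op == wanted_op and pattern.search(path):
            return signature, technique
    return None


def triage(text: str) -> Dict[Tuple[str, str], List[Tuple[str, str]]]:
    """Map each (signature, technique) that fired to the (image, path) rows behind it."""
    hits: Dict[Tuple[str, str], List[Tuple[str, str]]] = {}
    for op, image, path, _detail in parse_trace(text):
        match = classify(op, path)
        if match is not None:
            hits.setdefault(match, []).append((image, path))
    return hits


def fired_techniques(text: str) -> List[str]:
    """Sorted, de-duplicated technique IDs, the way the matrix counts them once each."""
    return sorted({technique for (_signature, technique) in triage(text)})


if __name__ == "__main__":
    for (signature, technique), rows in triage(SAMPLE_TRACE).items():
        print(f"{technique:<10} {signature}")
        for image, path in rows:
            print(f"           {image} -> {path}")
    print("Techniques:", ", ".join(fired_techniques(SAMPLE_TRACE)))
```

Two of the report's signatures (the Run key and the Startup-folder drop) map to the same technique, T1547.001, which is why the matrix shows a single count for Registry Run Keys / Startup Folder while the signature list has two entries; the explorer.exe MRU row is included as benign noise that no rule should match.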