General
Target: 044435e6f97050f9aa860b4acabac8d9_JaffaCakes118
Size: 393KB
Sample: 240622-2xjk1sseqn
MD5: 044435e6f97050f9aa860b4acabac8d9
SHA1: 58f09124d88a7760f0fa589260b1b1874b19a97c
SHA256: 53ca26643fd90f99c78e03f135082676947525890e66cf740d4e2fc15de5f46b
SHA512: 65daab95c7bf3f9713671c20be4bf9fd820934d6e5fb8b8da4bc62096b6543fecd5b1574d6383182e18393e2268a9dda5c33acb69f536d652257b4fc42c986ad
SSDEEP: 6144:xeJ3D4ORN43Ee1k/nLMa8PVsw9XftYPOQn+aCP0vdZhhL0MTzdkXUlmKZxVO8Q:IDhqERYa4df0WPCZHBflmsVO8Q
Static task: static1
Behavioral task: behavioral1
  Sample: 044435e6f97050f9aa860b4acabac8d9_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 044435e6f97050f9aa860b4acabac8d9_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 044435e6f97050f9aa860b4acabac8d9_JaffaCakes118
Size: 393KB
- Modifies RDP port number used by Windows
  Changes the PortNumber value under the Terminal Server\WinStations\RDP-Tcp key, moving Remote Desktop off its default TCP/3389 listener.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Adds Run key to start application
  Writes a value under a CurrentVersion\Run key so the program is launched again at logon.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
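Every signature above is a registry read, a registry write, or a raw write to the boot disk, so the whole list can be reproduced from an API trace. The Python below is an added example, not the sandbox's own detection code: it classifies a constructed, simplified trace of (op, target, offset) records against the seven signatures and rolls the two persistence hits up to the ATT&CK techniques in the matrix. The registry paths are the well-known Windows locations for each check and the sample events are constructed; neither is extracted from this sample's run.

```python
"""Classify registry and raw-disk operations against the report's signatures.

Added example, not the sandbox's own detection logic. Event records use a
constructed, simplified API-trace format (op, target, optional offset); the
registry paths are the well-known Windows locations for each check, assumed
here rather than extracted from the sample.
"""
import re

# Hive aliases normalised to HKLM / HKCU so one pattern covers each check.
# HKEY_USERS\<SID> (but not the _Classes hive) is treated as HKCU.
_HIVE_ALIASES = [
    (re.compile(r"^HKEY_LOCAL_MACHINE\\", re.I), r"HKLM\\"),
    (re.compile(r"^HKEY_CURRENT_USER\\", re.I), r"HKCU\\"),
    (re.compile(r"^HKEY_USERS\\S-1-5-21-[\d-]+\\", re.I), r"HKCU\\"),
    (re.compile(r"^\\REGISTRY\\MACHINE\\", re.I), r"HKLM\\"),
    (re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.I), r"HKCU\\"),
]

_RUN_KEY = r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$"

# (signature name, registry operations that count, case-insensitive path pattern)
RULES = [
    ("Modifies RDP port number used by Windows", {"RegSetValue"},
     re.compile(r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\"
                r"Terminal Server\\WinStations\\RDP-Tcp\\PortNumber$", re.I)),
    ("Checks BIOS information in registry", {"RegQueryValue"},
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I)),
    ("Checks computer location settings", {"RegQueryValue"},
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"^HK(LM|CU)" + _RUN_KEY, re.I)),
    ("Checks installed software on the system", {"RegEnumKey", "RegQueryValue"},
     re.compile(r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Maps connected drives based on registry", {"RegQueryValue", "RegEnumValue"},
     re.compile(r"^HKLM\\SYSTEM\\MountedDevices", re.I)),
]

MBR_SIGNATURE = "Writes to the Master Boot Record (MBR)"
_RAW_DISK = {r"\\.\physicaldrive0", r"\device\harddisk0\dr0"}

# ATT&CK techniques the report's matrix attaches to two of the signatures.
ATTACK = {
    "Adds Run key to start application": ("T1547.001", "Registry Run Keys / Startup Folder"),
    MBR_SIGNATURE: ("T1542.003", "Bootkit"),
}


def normalize_path(path):
    """Rewrite the hive prefix to HKLM/HKCU; everything after it is kept as logged."""
    for pattern, repl in _HIVE_ALIASES:
        path, n = pattern.subn(repl, path, count=1)
        if n:
            break
    return path


def is_mbr_write(target, offset):
    """The MBR is sector 0 of the boot disk: a raw write starting inside its 512 bytes."""
    return target.lower() in _RAW_DISK and 0 <= offset < 512


def classify(events):
    """Return {signature: sorted targets} for every signature the trace satisfies.

    Only the operation types listed in RULES fire a rule: a read of a Run key
    is enumeration, not persistence, so it does not count as 'Adds Run key'.
    """
    hits = {}
    for ev in events:
        op, target = ev["op"], ev["target"]
        if op == "WriteFile":
            if is_mbr_write(target, ev.get("offset", 0)):
                hits.setdefault(MBR_SIGNATURE, set()).add(target)
            continue
        path = normalize_path(target)
        for name, ops, pattern in RULES:
            if op in ops and pattern.search(path):
                hits.setdefault(name, set()).add(path)
    return {name: sorted(paths) for name, paths in hits.items()}


def attack_techniques(hits):
    """Roll fired signatures up to the ATT&CK (sub)techniques in the report's matrix."""
    return sorted(ATTACK[name] for name in hits if name in ATTACK)


# Constructed trace (not real telemetry from this sample); the last two
# records are negatives that must not fire anything.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "target": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"op": "RegQueryValue", "target": r"HKEY_USERS\S-1-5-21-1234567890-1-1001\Control Panel\International\Geo\Nation"},
    {"op": "RegSetValue", "target": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"op": "RegEnumKey", "target": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "RegEnumValue", "target": r"HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices"},
    {"op": "RegSetValue", "target": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber"},
    {"op": "WriteFile", "target": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
    {"op": "RegQueryValue", "target": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"op": "WriteFile", "target": r"C:\Users\user\AppData\Local\Temp\tmp.bin", "offset": 0},
]

if __name__ == "__main__":
    result = classify(SAMPLE_EVENTS)
    for name, paths in result.items():
        print(f"{name}: {', '.join(paths)}")
    print("ATT&CK:", attack_techniques(result))
```

The operation type matters as much as the path: the trace deliberately includes a read of a Run value, which is software enumeration, not persistence, and a raw-disk write at a non-zero sector, which is not an MBR write. A real trace would also carry the process ID, so a second pass can attribute hits to the sample's process tree rather than to the whole run.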
MITRE ATT&CK Enterprise v15 (number in parentheses is the count of matching signatures)
Persistence
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Event Triggered Execution, T1546 (1)
  - Netsh Helper DLL, T1546.007 (1)
- Pre-OS Boot, T1542 (1)
  - Bootkit, T1542.003 (1)
Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Event Triggered Execution, T1546 (1)
  - Netsh Helper DLL, T1546.007 (1)