General
- Target: 0dddb661d6e7e442d18091be7c098a1f_JaffaCakes118
- Size: 139KB
- Sample: 240625-ndqckazbln
- MD5: 0dddb661d6e7e442d18091be7c098a1f
- SHA1: 7e1c2b93616a82900cd7ffe5e923a7d739f23f23
- SHA256: c18e25beca4c2e81ff766bbfa843f6bce49af7c754b18fbd6022b750415300f9
- SHA512: 40e42ab1803df2159c7a0e8c36c7e34ad32acf74aae1c8f3e04ce41394069555718622ea93f66242a31af27a6cd5d41638fd6afb3380366212f55a282d0cfb45
- SSDEEP: 3072:lV9Sharag+n3uIIPhvpE6cXjA8iVUAWGaqqqBSpXuWMfujoMITjWl:lV9Si+3/EFpkXsDePGaqqqBmMfujP1
Static task: static1
Behavioral task: behavioral1
- Sample: 0dddb661d6e7e442d18091be7c098a1f_JaffaCakes118.exe
- Resource: win7-20240611-en
Malware Config
Targets
- Target: 0dddb661d6e7e442d18091be7c098a1f_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)