General
-
Target
0e5ed4838e129c78f69e7037f34505ea_JaffaCakes118
-
Size
105KB
-
Sample
240625-rhf68svaqe
-
MD5
0e5ed4838e129c78f69e7037f34505ea
-
SHA1
18996735e03f5a8e614f3dac5c825cf0d667fe78
-
SHA256
0bf5e5e8e5121f7ab20d5395dacd8a737da18824fc1290869762611f0404ea39
-
SHA512
cc5bedcea7c5e39645f410ead14738ec363a0b156b479ac69ccda40abcb3103871b68f338f15a509e8d6e6bf976525dfc9c21dff630de632eed52564e8d595f1
-
SSDEEP
3072:vDSKiauBZz/DhceNw1OTw+XIU5jwaaHw7Koj4rBw:rSKbwhdcqYIhXNA
Static task
static1
Behavioral task
behavioral1
Sample
0e5ed4838e129c78f69e7037f34505ea_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
0e5ed4838e129c78f69e7037f34505ea_JaffaCakes118
-
Size
105KB
-
MD5
0e5ed4838e129c78f69e7037f34505ea
-
SHA1
18996735e03f5a8e614f3dac5c825cf0d667fe78
-
SHA256
0bf5e5e8e5121f7ab20d5395dacd8a737da18824fc1290869762611f0404ea39
-
SHA512
cc5bedcea7c5e39645f410ead14738ec363a0b156b479ac69ccda40abcb3103871b68f338f15a509e8d6e6bf976525dfc9c21dff630de632eed52564e8d595f1
-
SSDEEP
3072:vDSKiauBZz/DhceNw1OTw+XIU5jwaaHw7Koj4rBw:rSKbwhdcqYIhXNA
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1