General
-
Target
0edc80f21a18294fe9bcef0c87d6efdf_JaffaCakes118
-
Size
160KB
-
Sample
240625-vl4ngssckf
-
MD5
0edc80f21a18294fe9bcef0c87d6efdf
-
SHA1
51f53adf38b2829e151fdfe40f7ef6782d6e2415
-
SHA256
b1600d7d90c90cbe11c78612e72a04be63bcc44689be94235bc037a536947d70
-
SHA512
caef2f30d2b315c1a650d341f0c3238151cfeb1d7b7df170d052608921e0273e6a48348460030586c79174ab4a226a43b4a72ea7ebd9d9a60f33c5892e08c4c1
-
SSDEEP
3072:N6BQCxxGkt95ou011o9a3aTMCAROCOHDaGJ+aN336MdMfLirkQW0/nyypS:0QCxxGkt96R1QMaAlROCOjafUqqULirV
Static task
static1
Behavioral task
behavioral1
Sample
0edc80f21a18294fe9bcef0c87d6efdf_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
0edc80f21a18294fe9bcef0c87d6efdf_JaffaCakes118
-
Size
160KB
-
MD5
0edc80f21a18294fe9bcef0c87d6efdf
-
SHA1
51f53adf38b2829e151fdfe40f7ef6782d6e2415
-
SHA256
b1600d7d90c90cbe11c78612e72a04be63bcc44689be94235bc037a536947d70
-
SHA512
caef2f30d2b315c1a650d341f0c3238151cfeb1d7b7df170d052608921e0273e6a48348460030586c79174ab4a226a43b4a72ea7ebd9d9a60f33c5892e08c4c1
-
SSDEEP
3072:N6BQCxxGkt95ou011o9a3aTMCAROCOHDaGJ+aN336MdMfLirkQW0/nyypS:0QCxxGkt96R1QMaAlROCOjafUqqULirV
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1