General
Target: 0f2ab21a9c14727f55f2a28502b166f8_JaffaCakes118
Size: 168KB
Sample: 240625-xm2xdszbkk
MD5: 0f2ab21a9c14727f55f2a28502b166f8
SHA1: bd4e12bf54facdca591c7b0ae2327100a20cadf3
SHA256: b1792fed2e4e7e22c7b0366c124c693ee1c2609d731dd5486260985d807529f5
SHA512: 332e0e5271ceb55db68047e8a2fada30d07064d44fdbaf30695ea899b125e75ed0a6048cbfd7437693e57595eb3a95bdca586789d24c5ee3b0448c21e81e1bd1
SSDEEP: 1536:38MmInHlQm0BfYPV+W8tb+FV9zxE6/kuxH6ale569oAAoUkq+mHNB7W5hiqzXF+5:wcgq+W8tSFVEsPHJlEdtB7W5vJpLnAP
Static task: static1
Behavioral task: behavioral1
Sample: 0f2ab21a9c14727f55f2a28502b166f8_JaffaCakes118.dll
Resource: win7-20240419-en
Malware Config
Targets
Target: 0f2ab21a9c14727f55f2a28502b166f8_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)