General
Target: 10bb48a0efd80b37b85e00f2465af2fb_JaffaCakes118
Size: 987KB
Sample: 240626-e6s5gsxhlj
MD5: 10bb48a0efd80b37b85e00f2465af2fb
SHA1: e59de1410e526dd91cda469dcca65e499e009a2f
SHA256: 49f792edaa1e5d39dd457fb24406c6ef8289c10bc019bf6fb553199ec17a19a2
SHA512: 7d85199954f1a72b3fb13a05bd8fcde079dade70700f15bbd06109918a396fab4969751261cf1728561860f675e122c8048b9489757bf955017593e48fc0a922
SSDEEP: 12288:ODfnFGddrmLF8TGU7LsHLWYOSZK7sM695bmjxXSZBsm6zuqDYR8u7QgnBDKT0Ig0:OxGKF8Tb2Bl81Xm6zO/yn4jiXlf9Tiu
Static task: static1
Behavioral task: behavioral1
Sample: 10bb48a0efd80b37b85e00f2465af2fb_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Targets
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)