General
-
Target
11ce33be8962adf74d6f0d2506643706_JaffaCakes118
-
Size
1.2MB
-
Sample
240626-nb2mtasbme
-
MD5
11ce33be8962adf74d6f0d2506643706
-
SHA1
39065393c2de7c76c225537a9a4ea000fe92da67
-
SHA256
b5f2c8133957ed1c2897f6785e45ec5a8e40761ed44e1f7ede2eec15275804ff
-
SHA512
39e02801fc20883d6053bd6f213e81ed6c6ebe4d450e9525fb12ddc7705b76d487b5fc89c8ca96f39d5eadcb020c2f314fe530a2cf5fa42964826682b8bdd8ea
-
SSDEEP
24576:3cv7BZ5XFwpPboxjiIvu+63f8VRQudkgb/kVAJ3zxZvv:MzBZ51oQXtVRtdkgb/gAJ
Static task
static1
Behavioral task
behavioral1
Sample
11ce33be8962adf74d6f0d2506643706_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
11ce33be8962adf74d6f0d2506643706_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
11ce33be8962adf74d6f0d2506643706_JaffaCakes118
-
Size
1.2MB
-
MD5
11ce33be8962adf74d6f0d2506643706
-
SHA1
39065393c2de7c76c225537a9a4ea000fe92da67
-
SHA256
b5f2c8133957ed1c2897f6785e45ec5a8e40761ed44e1f7ede2eec15275804ff
-
SHA512
39e02801fc20883d6053bd6f213e81ed6c6ebe4d450e9525fb12ddc7705b76d487b5fc89c8ca96f39d5eadcb020c2f314fe530a2cf5fa42964826682b8bdd8ea
-
SSDEEP
24576:3cv7BZ5XFwpPboxjiIvu+63f8VRQudkgb/kVAJ3zxZvv:MzBZ51oQXtVRtdkgb/gAJ
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2Virtualization/Sandbox Evasion
1