General
-
Target
1247967cf7de3eda70695f0be85015bc_JaffaCakes118
-
Size
141KB
-
Sample
240626-rl8ewsyara
-
MD5
1247967cf7de3eda70695f0be85015bc
-
SHA1
683fe4d7a48013b86ffc37cfca3a256a2c7e7a08
-
SHA256
d78ad2b9e04c5e3e9c1359aedf97d70c5b4ee86993eeb404190b6ac4322bf3be
-
SHA512
276e427bb6ef389d37678d5475fc3c4f10bfddf6f0a78d8f84ddff0129dee32cb37e40dd856cee14868771dca475b210f3e1b00f9ed2c72bde463c8e6c938447
-
SSDEEP
3072:aR+3mSXsvirTVCtnGzZHt399U/CXFFk8jwaaHw7Koj4r4U3ZTjW0w+DLQ:aR+WGzCtnGNT9U/CXiZTjA+D0
Static task
static1
Behavioral task
behavioral1
Sample
1247967cf7de3eda70695f0be85015bc_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Targets
-
-
Target
1247967cf7de3eda70695f0be85015bc_JaffaCakes118
-
Size
141KB
-
MD5
1247967cf7de3eda70695f0be85015bc
-
SHA1
683fe4d7a48013b86ffc37cfca3a256a2c7e7a08
-
SHA256
d78ad2b9e04c5e3e9c1359aedf97d70c5b4ee86993eeb404190b6ac4322bf3be
-
SHA512
276e427bb6ef389d37678d5475fc3c4f10bfddf6f0a78d8f84ddff0129dee32cb37e40dd856cee14868771dca475b210f3e1b00f9ed2c72bde463c8e6c938447
-
SSDEEP
3072:aR+3mSXsvirTVCtnGzZHt399U/CXFFk8jwaaHw7Koj4r4U3ZTjW0w+DLQ:aR+WGzCtnGNT9U/CXiZTjA+D0
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1