General
Target: 124a3d01a5b6f8185fd72ae9832ea930_JaffaCakes118
Size: 192KB
Sample: 240626-rnvlta1dpr
MD5: 124a3d01a5b6f8185fd72ae9832ea930
SHA1: 05431389bbd962bb21fda72684ded217aa973d21
SHA256: 0df2066073ea06809544f663e3d568bbb7f53ee524ef409a9b1d5fb653c958d7
SHA512: 9011cf42484b5e221e5137eaa047c32208869279a32e2dac77b9d371e143dbff508e2536e0d5edc86dcb268eb390db6c2a3cb7d6802f95251f5432eb47e5764c
SSDEEP: 3072:fDohuOjLbQZ8JpLmmjJbSLvQl4bVC7KrP+F3zEwVALkrdB1/cjRyTiH7aX:7oJbdD2hhEQQoEAoxB1gRRbW
Static task: static1
Behavioral task: behavioral1
Sample: 124a3d01a5b6f8185fd72ae9832ea930_JaffaCakes118.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: 124a3d01a5b6f8185fd72ae9832ea930_JaffaCakes118 (192KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence (rewrites Winlogon values such as Userinit or Shell so the payload is started at every logon)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments, since VM and sandbox vendors show up in the BIOS vendor/version strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS.
- Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot (registers itself under the SafeBoot keys so it also starts in Safe Mode, where most security products do not load)
- Loads dropped DLL
- Adds Run key to start application
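Every persistence signature above is a registry or startup-folder write, which Sysmon records (event 12/13 for registry key creation and value set, event 11 for file creation). The following detection logic is an added example, not part of the sandbox report or of the sandbox's own signature engine: it turns the listed behaviours into rules, runs them over a handful of constructed Sysmon-style events (the svch0st.exe image path, key names and values are made up for illustration), suppresses the default Windows Userinit value so a benign rewrite is not flagged, and tallies hits per ATT&CK technique the way the report's matrix does.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed Sysmon-style events for illustration (not taken from the report):
# event 13 = registry value set, event 12 = registry key created,
# event 11 = file created. Image path, key names and values are made up.
SAMPLE_EVENTS = [
    {"id": 13, "image": r"C:\Users\Public\svch0st.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "details": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svch0st.exe"},
    {"id": 13, "image": r"C:\Users\Public\svch0st.exe",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\Public\svch0st.exe"},
    {"id": 12, "image": r"C:\Users\Public\svch0st.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svch0st.exe",
     "details": ""},
    {"id": 11, "image": r"C:\Users\Public\svch0st.exe",
     "target": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk",
     "details": ""},
    # Benign noise: Windows itself rewriting the default Userinit value.
    {"id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "details": r"C:\Windows\system32\userinit.exe,"},
]


@dataclass(frozen=True)
class Rule:
    name: str                   # signature name as the report lists it
    technique: str              # ATT&CK technique the hit maps to
    event_ids: Tuple[int, ...]  # Sysmon event IDs the rule applies to
    target: "re.Pattern"        # matched against the key/value or file path
    # If set, a value that still matches this is the Windows default and is ignored.
    benign_details: Optional["re.Pattern"] = None


RULES = [
    Rule("Modifies WinLogon for persistence", "T1547.004 Winlogon Helper DLL", (13,),
         re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I),
         re.compile(r"^(C:\\Windows\\system32\\userinit\.exe,?|explorer\.exe)$", re.I)),
    Rule("Adds Run key to start application", "T1547.001 Registry Run Keys / Startup Folder", (13,),
         re.compile(r"\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    Rule("Drops startup file", "T1547.001 Registry Run Keys / Startup Folder", (11,),
         re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    Rule("Impair Defenses: Safe Mode Boot", "T1562.009 Safe Mode Boot", (12, 13),
         re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)),
]


def match_events(events, rules=RULES) -> List[Tuple[str, str, str, str]]:
    """Return (signature, technique, image, target) for every event a rule flags."""
    hits = []
    for ev in events:
        for rule in rules:
            if ev["id"] not in rule.event_ids:
                continue
            if not rule.target.search(ev["target"]):
                continue
            if rule.benign_details and rule.benign_details.match(ev["details"]):
                continue  # still the default Windows value, not a hijack
            hits.append((rule.name, rule.technique, ev["image"], ev["target"]))
    return hits


def attack_summary(hits) -> Dict[str, int]:
    """Count hits per ATT&CK technique, as a sandbox report's matrix does."""
    counts: Dict[str, int] = {}
    for _, technique, _, _ in hits:
        counts[technique] = counts.get(technique, 0) + 1
    return counts


if __name__ == "__main__":
    for sig, tech, image, target in match_events(SAMPLE_EVENTS):
        print(f"[{tech}] {sig}: {image} -> {target}")
    print(attack_summary(match_events(SAMPLE_EVENTS)))
```

The Winlogon rule is the one that needs a benign filter: Userinit and Shell are legitimately rewritten by Windows and by some installers, so only a value that no longer equals the stock userinit.exe or explorer.exe string is worth an alert. The Run key and SafeBoot rules fire on any write by a non-system image; in production you would add the usual installer allow-list on the image path.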
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)