General
Target: 3a24a5e25e863a5a5d6186a45255a1c2_JaffaCakes118
Size: 159KB
Sample: 240729-gllwsazejb
MD5: 3a24a5e25e863a5a5d6186a45255a1c2
SHA1: 70773075c0cdb6735d369bcc9bc2fd4c5ae7df21
SHA256: 2454d64559ffdaf95915ebea1ad0a5310fa2ef724e42d8e510e4cac97078e80f
SHA512: 56e30af4032cf2ea9597dd117df59c7ba182de86406e4bec47d8070898b94b6538d18bb6d44337c509b7d04a9749668f23bc5ef4224e2a64e332da8bb568a6f6
SSDEEP: 3072:i0xOqI+epTlAuOXLu9SwbCyrJ77y7c+7TJwjBht1kZAcrqbHf:i0ilAuW3k3rBQ7lwj7kZPWz
Static task: static1
Behavioral task: behavioral1
  Sample: 3a24a5e25e863a5a5d6186a45255a1c2_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 3a24a5e25e863a5a5d6186a45255a1c2_JaffaCakes118.exe
  Resource: win10v2004-20240730-en
Malware Config
Targets
Target: 3a24a5e25e863a5a5d6186a45255a1c2_JaffaCakes118 (159KB; hashes as listed under General)
Signatures:
  Modifies Windows Firewall
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Drops startup file
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (1): Disable or Modify System Firewall (1)
  Modify Registry (1)