General
Target: 854094ff77486f4c6a3f1c612bde301f_JaffaCakes118
Size: 92KB
Sample: 240810-h668wsvcrf
MD5: 854094ff77486f4c6a3f1c612bde301f
SHA1: c7728dcee24bc3e156d5af91b43b9b553b4ac334
SHA256: 4e6ef1e1184a108b432f7cd664246244cee6cd7274143479700f56c855388463
SHA512: ce957e5e16e91b855709b6a8acae5852479be8851e83cc479d4a9efb693db40de956d490d2981c7afd35ebb87c19d3abebf45e568e26498444ffa27b8e2f2e08
SSDEEP: 1536:o6t9PDnnGAv25ZjyfeiyI8fCsL+/XV2FiQkRte7/I/lO:o6nK+MN1ifS2l2g8M/lO
Static task: static1
Behavioral task: behavioral1
  Sample: 854094ff77486f4c6a3f1c612bde301f_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 854094ff77486f4c6a3f1c612bde301f_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: latentbot
  profoundgaming.zapto.org
Targets
Target: 854094ff77486f4c6a3f1c612bde301f_JaffaCakes118 (92KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section)
Signatures
  Modifies firewall policy service
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Modifies WinLogon
  Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (technique: hit count)
Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Impair Defenses: 1
    Disable or Modify System Firewall: 1
  Modify Registry: 3
  Subvert Trust Controls: 1
    SIP and Trust Provider Hijacking: 1