General

Target: d0dd6935d04572ee74164ac7c2fd2589_JaffaCakes118
Size: 326KB
Sample: 240907-cnat3szgka
MD5: d0dd6935d04572ee74164ac7c2fd2589
SHA1: d9a5843db102fc003a48300ae62149de3413e851
SHA256: d10e2c6864c79a2dcf121d41a3b8732b6dfd3de13527a50231c5ec99c525b5d6
SHA512: fe1e923d8c743e176e8bbbaa582ef541e32575cb2fa91f702f0feac615f41d107550bf601a0a08747cd7ebe4cc180d564d6af0c006f084f7f1e5034fed2d9a97
SSDEEP: 6144:sMgqowft9Fe5CXmUaSuG2/9iFaC1u81Q5h6rr1HUznYyRgPvSCsDr3rY:MqowfJzXSS2/9GW81Q5gHU7YyRSHsDr
Static task: static1

Behavioral task: behavioral1
Sample: d0dd6935d04572ee74164ac7c2fd2589_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: d0dd6935d04572ee74164ac7c2fd2589_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
- Modifies RDP port number used by Windows
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Remote Services: SMB/Windows Admin Shares: Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1

Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1

Discovery
  Query Registry: 7
  System Information Discovery: 7
  Peripheral Device Discovery: 2
  System Location Discovery: 1
    System Language Discovery: 1