General
-
Target
e36d60e0caed8c04b213fbfe76f0f565_JaffaCakes118
-
Size
386KB
-
Sample
240915-1qh58stgke
-
MD5
e36d60e0caed8c04b213fbfe76f0f565
-
SHA1
d6346ec00555c69238d370a9887dcecf0127c307
-
SHA256
f11dc07f2f942007156d95f1b6834df214e6245e9b7e3e97ad2dcb302ae5a9b4
-
SHA512
c052e62fbdda79649ddfcce6a02bcaef0b34d5a225c3201fc3472f71075964d694d3f850ca0a13900fa5dd9624686b993f7f8b274e61317143e09a51ccd78e53
-
SSDEEP
6144:oKxZCrJEGwpIX5mY2kvK9xEH6f7Qn+aCP0vdZhhL0MTVsZ/rL:oGZCrJERgEYG9O6kWPCZHBChrL
Static task
static1
Behavioral task
behavioral1
Sample
e36d60e0caed8c04b213fbfe76f0f565_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e36d60e0caed8c04b213fbfe76f0f565_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
e36d60e0caed8c04b213fbfe76f0f565_JaffaCakes118
-
Size
386KB
-
MD5
e36d60e0caed8c04b213fbfe76f0f565
-
SHA1
d6346ec00555c69238d370a9887dcecf0127c307
-
SHA256
f11dc07f2f942007156d95f1b6834df214e6245e9b7e3e97ad2dcb302ae5a9b4
-
SHA512
c052e62fbdda79649ddfcce6a02bcaef0b34d5a225c3201fc3472f71075964d694d3f850ca0a13900fa5dd9624686b993f7f8b274e61317143e09a51ccd78e53
-
SSDEEP
6144:oKxZCrJEGwpIX5mY2kvK9xEH6f7Qn+aCP0vdZhhL0MTVsZ/rL:oGZCrJERgEYG9O6kWPCZHBChrL
-
Modifies RDP port number used by Windows
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Discovery
Query Registry
7System Information Discovery
7Peripheral Device Discovery
2System Location Discovery
1System Language Discovery
1