General
Target: 153b5a2a10690815050947815b55c70a_JaffaCakes118
Size: 156KB
Sample: 241004-2ych4avhqb
MD5: 153b5a2a10690815050947815b55c70a
SHA1: 1de9cb4df8c6377663e60cd1866b6f3e76a76c44
SHA256: 9d17577b5c05fca532240bdf83512366b7ac16bf8b343bd5d5c257380c068a1f
SHA512: 4580322d556975cf5a79c117fa3da1a44295cfb44abfacf8267607d3afc26040e2d9037201016f30d6eee5d0747c6a44ae0c82fe30742b178773d61ba7cfe6da
SSDEEP: 3072:iPVx+kStHOl2XgC0c2gEPIgELNKmd+NhFdJEOxvgJulso1c:BTHOl2Xg7ccPg0A4bvtv9ll
Static task: static1
Behavioral task: behavioral1
Sample: 153b5a2a10690815050947815b55c70a_JaffaCakes118.dll
Resource: win7-20240903-en
Malware Config
Targets
Target: 153b5a2a10690815050947815b55c70a_JaffaCakes118 (156KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
(numbers in parentheses are the page's per-technique hit counts; technique IDs added from the ATT&CK Enterprise matrix)
Persistence
- Boot or Logon Autostart Execution, T1547 (2)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
  - Winlogon Helper DLL, T1547.004 (1)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Boot or Logon Autostart Execution, T1547 (2)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
  - Winlogon Helper DLL, T1547.004 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (1)
  - Disable or Modify Tools, T1562.001 (1)
- Modify Registry, T1112 (5)
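The two registry persistence behaviours this report flags (the Winlogon modification behind "Modifies WinLogon for persistence" / Winlogon Helper DLL, and the Run key behind "Adds Run key to start application" / Registry Run Keys) are the ones a responder would want to check for on a suspect host. The script below is an added example, not part of the sandbox report and not code from the sample; it scans a .reg-style registry export for both and flags any Winlogon Shell or Userinit value that differs from the stock default. The embedded export is constructed for illustration, and the Winlogon defaults are assumed to be those of a standard Windows install on drive C: (adjust them for a different system drive).

```python
"""Flag Winlogon helper and Run-key persistence in a Windows registry export.

Added example, not part of the sandbox report: it scans a .reg-style text
export (a constructed sample is embedded below) for changed Winlogon
Shell/Userinit values (Winlogon Helper DLL, T1547.004) and for entries
under the Run/RunOnce keys (Registry Run Keys, T1547.001).
"""
import re

# Assumed stock defaults for the Winlogon values malware commonly hijacks.
# Userinit carries a trailing comma on a standard install.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)

# Constructed sample export: a hijacked Userinit value, an added Run entry,
# a stock Shell value that must not be flagged, and an unrelated binary value.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''


def parse_reg(text):
    """Yield (key, value_name, data) for every REG_SZ value in a .reg export.

    Binary/DWORD values (hex:, dword:) are skipped; .reg escapes backslashes
    as '\\\\', which is undone here so paths compare cleanly.
    """
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:
                name, data = m.groups()
                yield key, name, data.replace("\\\\", "\\")


def find_persistence(text):
    """Return [(technique, key, value_name, data)] for suspicious entries."""
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower() == WINLOGON_KEY.lower() and name in WINLOGON_DEFAULTS:
            # Only a deviation from the stock value is interesting.
            if data.lower() != WINLOGON_DEFAULTS[name].lower():
                findings.append(("Winlogon Helper DLL (T1547.004)", key, name, data))
        elif RUN_KEY_RE.search(key):
            # Any Run/RunOnce entry is reported; triage the binary it points at.
            findings.append(("Registry Run Keys (T1547.001)", key, name, data))
    return findings


if __name__ == "__main__":
    for technique, key, name, data in find_persistence(SAMPLE_REG):
        print(f"{technique}: {key}\\{name} = {data}")
```

On a live host, export the two hives with `reg export` (or `reg query` for the Winlogon key alone) and feed the text to `find_persistence`; the Userinit check catches the classic "append a second executable after the comma" hijack without flagging the untouched Shell value.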