General
-
Target
4bcfffb6ab7941cf4e70855f7c545f60_JaffaCakes118
-
Size
319KB
-
Sample
241016-hmmp5sxgpc
-
MD5
4bcfffb6ab7941cf4e70855f7c545f60
-
SHA1
1aa54af1ccae9594a812593d4ba122a1a083e37d
-
SHA256
a3f41b3eb0dd7d19c87a6216a696d716985983d041928f9dabf845a6485d7652
-
SHA512
b606655c04dbfba10e2646a4c01d3baaf65efa6f56996385cda03b7bfda209596993ea2386e2227fc2f5377f548a1093423bf94d61cf9f6ae0785f1bf0c6b123
-
SSDEEP
6144:2bNS/TKoh4Aa9M8XqnN7187psDSSB/hdGhGyaQI1dZNXUG6I6MwK3:lhmXy5LL5kAQIvP76K
Static task
static1
Behavioral task
behavioral1
Sample
4bcfffb6ab7941cf4e70855f7c545f60_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4bcfffb6ab7941cf4e70855f7c545f60_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4bcfffb6ab7941cf4e70855f7c545f60_JaffaCakes118
-
Size
319KB
-
MD5
4bcfffb6ab7941cf4e70855f7c545f60
-
SHA1
1aa54af1ccae9594a812593d4ba122a1a083e37d
-
SHA256
a3f41b3eb0dd7d19c87a6216a696d716985983d041928f9dabf845a6485d7652
-
SHA512
b606655c04dbfba10e2646a4c01d3baaf65efa6f56996385cda03b7bfda209596993ea2386e2227fc2f5377f548a1093423bf94d61cf9f6ae0785f1bf0c6b123
-
SSDEEP
6144:2bNS/TKoh4Aa9M8XqnN7187psDSSB/hdGhGyaQI1dZNXUG6I6MwK3:lhmXy5LL5kAQIvP76K
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Indicator Removal
1File Deletion
1Modify Registry
1Pre-OS Boot
1Bootkit
1