General
Target: 838ef1fb38da83e9671a6b8803feffa4_JaffaCakes118
Size: 1.0MB
Sample: 241031-wcm5tasalh
MD5: 838ef1fb38da83e9671a6b8803feffa4
SHA1: 8d5e0f8dff04a4ea3245b980a8232b571e572fcc
SHA256: 9ec1994214e4beca6c49340f19bd4546ac4d4a26dd932595048b733f3755e6c5
SHA512: 91496b4caf53f22786939d5a4c971e95c9e28a3e74c08166ebbb6915d6291b162ec211c789bf3faf657bac9b1f97527106d74b59aae75fa04c9b3e1c2ac4c136
SSDEEP: 12288:2DVlxntazf9MrJcZB/S3HzNJmclAfT0RgXZDF5layOMZU4kJ514QCAP/9U8oHFwj:syHP/kHQtHjC2HGSS
Static task: static1
Behavioral task: behavioral1
  Sample: 838ef1fb38da83e9671a6b8803feffa4_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 838ef1fb38da83e9671a6b8803feffa4_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 838ef1fb38da83e9671a6b8803feffa4_JaffaCakes118 (1.0MB; same file and hashes as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (4)