General

  • Target

    839de8b7ddaadd450c4127fe4db09a5f_JaffaCakes118

  • Size

    612KB

  • Sample

    241031-xly44ssfpp

  • MD5

    839de8b7ddaadd450c4127fe4db09a5f

  • SHA1

    219d354b3bb965c2b8f05037628a04f054b5f1d2

  • SHA256

    f5039bfb70fce739171fa48af78bd5938c3b63287fdef28c766ac0863e79d76f

  • SHA512

    e9468d06a2727a3fcac71cead9904b144c395e01b8bba32695a0b774e16ccdc5a45d848108550ba351cbfdddd8eec3f9955747297707d5ded3ebbc14206cd2db

  • SSDEEP

    12288:HRZhTgxkezDqg9Zm5UGwI91n/cd5ufVQlJgn8uiKAI6Pc6Iz6R:LexDqg9Zm5TcGfVQsn8uifRPcF

Malware Config

Targets

    • Adds policy Run key to start application

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks