General
-
Target
73267c2a412170b3f3df33616b1e1e8e_JaffaCakes118
-
Size
691KB
-
Sample
241101-t8wqqatrdr
-
MD5
73267c2a412170b3f3df33616b1e1e8e
-
SHA1
bcc8e0537ea776cf75ea83aec75130fc5ba36b43
-
SHA256
4756e7ee03184fc1b29807d6e77c4bb85d0eaaadd064c67b0b4b3a90175229a3
-
SHA512
3354d9f68f4e4ba5a1d88d9d1c9e8cb8f2067f7a03bf1b60d7658b9a036d642f64d35a98ae13115795e2078dff1fbf94dfed4e71c5134b6f24600366d7d6e13e
-
SSDEEP
12288:4KmX4064w0jAQrjnY8/V1Ng6U+VAqEr4viIrvLZo4P84ldlBGPMmLbAEWBvB7:4KCR3Pzg6U+Qk97G4P84dX0Mmv5WVB
Static task
static1
Behavioral task
behavioral1
Sample
73267c2a412170b3f3df33616b1e1e8e_JaffaCakes118.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
73267c2a412170b3f3df33616b1e1e8e_JaffaCakes118.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
73267c2a412170b3f3df33616b1e1e8e_JaffaCakes118
-
Size
691KB
-
MD5
73267c2a412170b3f3df33616b1e1e8e
-
SHA1
bcc8e0537ea776cf75ea83aec75130fc5ba36b43
-
SHA256
4756e7ee03184fc1b29807d6e77c4bb85d0eaaadd064c67b0b4b3a90175229a3
-
SHA512
3354d9f68f4e4ba5a1d88d9d1c9e8cb8f2067f7a03bf1b60d7658b9a036d642f64d35a98ae13115795e2078dff1fbf94dfed4e71c5134b6f24600366d7d6e13e
-
SSDEEP
12288:4KmX4064w0jAQrjnY8/V1Ng6U+VAqEr4viIrvLZo4P84ldlBGPMmLbAEWBvB7:4KCR3Pzg6U+Qk97G4P84dX0Mmv5WVB
-
44Caliber family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2