General
-
Target
9e7400a898add6101fab64024aee8719_JaffaCakes118
-
Size
109KB
-
Sample
241125-257yks1nhx
-
MD5
9e7400a898add6101fab64024aee8719
-
SHA1
53171e2db8ad08eaa48ff423725a8521be1cc638
-
SHA256
f15bd9ea16cf3c58310524eb438916f488858e951b3cd33111acfdfe2dd7e3b5
-
SHA512
fbdc281bbae000fdc11f49f906697933e4981cf54e477263c5891c3f5f2fee8d443e2f9c84485c6b09d0996f554f72786d5535a511604bcbe0865fbb57fd614a
-
SSDEEP
3072:yy9tGqOxnexUYMg2zk8jwaaHw7Koj4rZlS:p9bpUyl
Static task
static1
Behavioral task
behavioral1
Sample
9e7400a898add6101fab64024aee8719_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
9e7400a898add6101fab64024aee8719_JaffaCakes118
-
Size
109KB
-
MD5
9e7400a898add6101fab64024aee8719
-
SHA1
53171e2db8ad08eaa48ff423725a8521be1cc638
-
SHA256
f15bd9ea16cf3c58310524eb438916f488858e951b3cd33111acfdfe2dd7e3b5
-
SHA512
fbdc281bbae000fdc11f49f906697933e4981cf54e477263c5891c3f5f2fee8d443e2f9c84485c6b09d0996f554f72786d5535a511604bcbe0865fbb57fd614a
-
SSDEEP
3072:yy9tGqOxnexUYMg2zk8jwaaHw7Koj4rZlS:p9bpUyl
-
Modifies WinLogon for persistence
-
Ramnit family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
4