General
-
Target
c0a8fd9f86b8d624c2da204032901470_JaffaCakes118
-
Size
643KB
-
Sample
241204-ebkvmawkbm
-
MD5
c0a8fd9f86b8d624c2da204032901470
-
SHA1
85d554691eb3dc82da85bd12adeac8187309bf42
-
SHA256
29489fcd57f01e72a2a62e67380f59fd380bd9789b7673515ea6117e9119a577
-
SHA512
d185abb5181d6114a3c6f296ff8e09178f7f5f68d5132b67860ad8a739f851cc16734e8e1ef3c3959f6e4338fbdbf8ff95013715e7294bd68ed8c8e4e8bd8bad
-
SSDEEP
12288:0cXXraJn2wGkg7MYlIDPvdbtD1OYtkzadWyEZRjZGop1Mjd/94QT:Ji2w/EvOH31Oakz3jxpijd/mW
Static task
static1
Behavioral task
behavioral1
Sample
c0a8fd9f86b8d624c2da204032901470_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
c0a8fd9f86b8d624c2da204032901470_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
c0a8fd9f86b8d624c2da204032901470_JaffaCakes118
-
Size
643KB
-
MD5
c0a8fd9f86b8d624c2da204032901470
-
SHA1
85d554691eb3dc82da85bd12adeac8187309bf42
-
SHA256
29489fcd57f01e72a2a62e67380f59fd380bd9789b7673515ea6117e9119a577
-
SHA512
d185abb5181d6114a3c6f296ff8e09178f7f5f68d5132b67860ad8a739f851cc16734e8e1ef3c3959f6e4338fbdbf8ff95013715e7294bd68ed8c8e4e8bd8bad
-
SSDEEP
12288:0cXXraJn2wGkg7MYlIDPvdbtD1OYtkzadWyEZRjZGop1Mjd/94QT:Ji2w/EvOH31Oakz3jxpijd/mW
-
Betabot family
-
Modifies firewall policy service
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Clear Persistence
1Modify Registry
5