General
-
Target
c1587515102a00a660b1688218d545f2_JaffaCakes118
-
Size
498KB
-
Sample
241204-hlrbyawpbz
-
MD5
c1587515102a00a660b1688218d545f2
-
SHA1
5a472b9da22f089d0a9b9e576c256165ac6a2844
-
SHA256
64efea6bbaca5fcd316083bfa94eeed68751308f228e1f040b0ad4e62169f1ba
-
SHA512
e175625938e585a93132a572526c22bffe7eae50fc9f51639e78213365df756c062c2a1ac5d0a255f5cffd0cbad0fd99c95dc67f9d96d6f718d1146b4e773bfd
-
SSDEEP
6144:jd31DD86nRjT3k+g7P2vX0S9Eyjw/Vb9lMGhb9lGhZDah54FKVLrauZYtF18CvVM:jl2ijhM1WjwtbZhb9lOY8+XAtF+Cd/
Static task
static1
Behavioral task
behavioral1
Sample
c1587515102a00a660b1688218d545f2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c1587515102a00a660b1688218d545f2_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
c1587515102a00a660b1688218d545f2_JaffaCakes118
-
Size
498KB
-
MD5
c1587515102a00a660b1688218d545f2
-
SHA1
5a472b9da22f089d0a9b9e576c256165ac6a2844
-
SHA256
64efea6bbaca5fcd316083bfa94eeed68751308f228e1f040b0ad4e62169f1ba
-
SHA512
e175625938e585a93132a572526c22bffe7eae50fc9f51639e78213365df756c062c2a1ac5d0a255f5cffd0cbad0fd99c95dc67f9d96d6f718d1146b4e773bfd
-
SSDEEP
6144:jd31DD86nRjT3k+g7P2vX0S9Eyjw/Vb9lMGhb9lGhZDah54FKVLrauZYtF18CvVM:jl2ijhM1WjwtbZhb9lOY8+XAtF+Cd/
-
Betabot family
-
Modifies firewall policy service
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Clear Persistence
1Modify Registry
5