General
Target: d87c2e231e0521f47b25432bfde99c2f_JaffaCakes118
Size: 129KB
Sample: 241208-x6n5mssqft
MD5: d87c2e231e0521f47b25432bfde99c2f
SHA1: 16eb9dd322d15803fc7d004ebb54f3f16bdddf28
SHA256: ce88a79e96501f3538cb392d8d970eacdf5c8f3882d184fcf0c7c81aceadbfa2
SHA512: 3fbf5d4c41a3d00c934e0fa40735b1fc25f259ef0aa9d87b99339920ad99c90754ba5243d42143b076a05fec4b8109f7e50fec7d241fffcb81eb707359af4c13
SSDEEP: 3072:rcOGauE7Ik6MZrUNDzhD0x6xDiwsv6jGu:Qy7INAr8dBiayu
Behavioral task: behavioral1
Sample: d87c2e231e0521f47b25432bfde99c2f_JaffaCakes118.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: d87c2e231e0521f47b25432bfde99c2f_JaffaCakes118 (129KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Ramnit family
- Disables RegEdit via registry modification
- Disables use of System Restore points
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (tactic, technique and sub-technique, with the reported count in parentheses)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (2)
    Disable or Modify Tools (1)
    Safe Mode Boot (1)
  Modify Registry (5)