General
-
Target
dfe9edfceb1ca6ebb94dd18919bfadeb_JaffaCakes118
-
Size
1.3MB
-
Sample
241211-e9q5as1qdq
-
MD5
dfe9edfceb1ca6ebb94dd18919bfadeb
-
SHA1
178d4e316cdd7b707089928f6beaa91314eec834
-
SHA256
5c64f7f80b09582f6ad8049c4b7e9ea5ab62006630df5941a6733544fce5940d
-
SHA512
602746e05e90aa48288658bd97df8488a443d82c7f808294bb946435a1c8fcaa715e42711a62a4e455a5f8a918c3169aedabed7a073e1a66e959c2aab3e8071c
-
SSDEEP
24576:u2EBg1IYJE7MyO1RnYBRIKJhbO+jqM72mKePXVhZU0WABFlPF:S4JE7MRjYBRIKJ5Osr7cMFfU0nBFNF
Behavioral task
behavioral1
Sample
dfe9edfceb1ca6ebb94dd18919bfadeb_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dfe9edfceb1ca6ebb94dd18919bfadeb_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
dfe9edfceb1ca6ebb94dd18919bfadeb_JaffaCakes118
-
Size
1.3MB
-
MD5
dfe9edfceb1ca6ebb94dd18919bfadeb
-
SHA1
178d4e316cdd7b707089928f6beaa91314eec834
-
SHA256
5c64f7f80b09582f6ad8049c4b7e9ea5ab62006630df5941a6733544fce5940d
-
SHA512
602746e05e90aa48288658bd97df8488a443d82c7f808294bb946435a1c8fcaa715e42711a62a4e455a5f8a918c3169aedabed7a073e1a66e959c2aab3e8071c
-
SSDEEP
24576:u2EBg1IYJE7MyO1RnYBRIKJhbO+jqM72mKePXVhZU0WABFlPF:S4JE7MRjYBRIKJ5Osr7cMFfU0nBFNF
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1