General
-
Target
f2cf092eaf4c2787f9a4c1afd7802ec0_JaffaCakes118
-
Size
1.1MB
-
Sample
241215-hpatcsxjcv
-
MD5
f2cf092eaf4c2787f9a4c1afd7802ec0
-
SHA1
5831ac8b50b0f0ee2ec7c13193f9e1bfb473b2d5
-
SHA256
061e71ab880546b6fcf599375fb2ae3d1d04569c5403a2737a6b1d52062b2e40
-
SHA512
3d960c038ab02d2914d9aaba3e23a753a3ba30693083544d346b63ca110a82fa62d64fd8bd7ecbdfedebd9ef75790a29f73e6e28690f40f7bb2e54605c6b8a97
-
SSDEEP
24576:SgocyX3+Qit40VVnNfy+CWD+rjxfbVOhj1BYO:+puQq40VVNawDWzsNYO
Static task
static1
Behavioral task
behavioral1
Sample
f2cf092eaf4c2787f9a4c1afd7802ec0_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
f2cf092eaf4c2787f9a4c1afd7802ec0_JaffaCakes118
-
Size
1.1MB
-
MD5
f2cf092eaf4c2787f9a4c1afd7802ec0
-
SHA1
5831ac8b50b0f0ee2ec7c13193f9e1bfb473b2d5
-
SHA256
061e71ab880546b6fcf599375fb2ae3d1d04569c5403a2737a6b1d52062b2e40
-
SHA512
3d960c038ab02d2914d9aaba3e23a753a3ba30693083544d346b63ca110a82fa62d64fd8bd7ecbdfedebd9ef75790a29f73e6e28690f40f7bb2e54605c6b8a97
-
SSDEEP
24576:SgocyX3+Qit40VVnNfy+CWD+rjxfbVOhj1BYO:+puQq40VVNawDWzsNYO
-
Pony family
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3