General
-
Target
JaffaCakes118_40c2d13d8ebbd9c83acb0c4a02fe661b
-
Size
33KB
-
Sample
250127-sdadkatngx
-
MD5
40c2d13d8ebbd9c83acb0c4a02fe661b
-
SHA1
7542595f1aafc65731907235814a808a7b40c761
-
SHA256
e978f34df962d94386dfa24ab780246f77370eaba6da3f2e1ad0e554d9007471
-
SHA512
e4cebf36018f7c2453f4514a13de987a8ffe8d949e16d57fba3498d2a2fb1da5fb2b5b961eca400366438e4b8cacec30c19e81a7427bc07b310c8e281b7f5181
-
SSDEEP
768:uqSdfoTQvkdak16IjCsLpZcPm162qEZhP9iUI2jJWAEkXyG:uFfoTskdakk49Zc+Nv/IdAEkC
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_40c2d13d8ebbd9c83acb0c4a02fe661b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_40c2d13d8ebbd9c83acb0c4a02fe661b.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_40c2d13d8ebbd9c83acb0c4a02fe661b
-
Size
33KB
-
MD5
40c2d13d8ebbd9c83acb0c4a02fe661b
-
SHA1
7542595f1aafc65731907235814a808a7b40c761
-
SHA256
e978f34df962d94386dfa24ab780246f77370eaba6da3f2e1ad0e554d9007471
-
SHA512
e4cebf36018f7c2453f4514a13de987a8ffe8d949e16d57fba3498d2a2fb1da5fb2b5b961eca400366438e4b8cacec30c19e81a7427bc07b310c8e281b7f5181
-
SSDEEP
768:uqSdfoTQvkdak16IjCsLpZcPm162qEZhP9iUI2jJWAEkXyG:uFfoTskdakk49Zc+Nv/IdAEkC
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1