General
-
Target
JaffaCakes118_1c26c3f227035b7b7936c7872a5fc531
-
Size
221KB
-
Sample
250704-n1sffasn14
-
MD5
1c26c3f227035b7b7936c7872a5fc531
-
SHA1
e99184364502172400a696f2041e13ebba69ba0f
-
SHA256
c5693f93fd4733cc020bdabfc8505e06a39f6f0ca3c316ef64d988ccefe0ff8c
-
SHA512
f35c3c02d314ec3a54634953c179572272306be2b5847240cb7b0c972072846972495a53955fbf5a28e4a1010836bbd80cded7b241b38cb2cd9f0f2ee750500a
-
SSDEEP
3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmRV:ZR5IuMQoseGk7RZBGxAycKpSPX2o
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_1c26c3f227035b7b7936c7872a5fc531.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
JaffaCakes118_1c26c3f227035b7b7936c7872a5fc531.exe
Resource
win11-20250619-en
Malware Config
Targets
-
Target
JaffaCakes118_1c26c3f227035b7b7936c7872a5fc531
-
Size
221KB
-
MD5
1c26c3f227035b7b7936c7872a5fc531
-
SHA1
e99184364502172400a696f2041e13ebba69ba0f
-
SHA256
c5693f93fd4733cc020bdabfc8505e06a39f6f0ca3c316ef64d988ccefe0ff8c
-
SHA512
f35c3c02d314ec3a54634953c179572272306be2b5847240cb7b0c972072846972495a53955fbf5a28e4a1010836bbd80cded7b241b38cb2cd9f0f2ee750500a
-
SSDEEP
3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmRV:ZR5IuMQoseGk7RZBGxAycKpSPX2o
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution 2
Registry Run Keys / Startup Folder 1
Winlogon Helper DLL 1
Scheduled Task/Job 1
Scheduled Task 1
Privilege Escalation
Boot or Logon Autostart Execution 2
Registry Run Keys / Startup Folder 1
Winlogon Helper DLL 1
Scheduled Task/Job 1
Scheduled Task 1
Defense Evasion
Hide Artifacts 1
Hidden Files and Directories 1
Modify Registry 3
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1