General
-
Target
17e5f525e5c5853a71f3238ee0a12e41_JaffaCakes118
-
Size
113KB
-
Sample
240627-28mf2szekk
-
MD5
17e5f525e5c5853a71f3238ee0a12e41
-
SHA1
f4bae783f1a5abae35c5ef8e6ad87bd1ed099004
-
SHA256
1e3818ca8b66cfae092f94e6a55c840759d28ac76d08bc5eb2b7e5f3b8c3ad73
-
SHA512
1fd3d915c9a1d6b6e57b941006b2d78a2fca2890fff401d15c7c35f634c59abf2b129ece39354872a0e2bbc80dc325be1781d8a616931aa48986a83f6a5b7096
-
SSDEEP
3072:kE7YdXFjJHu5puorSE5/fTNjliDs+TseWBy2D5:p7ITcFrSE5/LVlms+weWBBD
Static task
static1
Behavioral task
behavioral1
Sample
17e5f525e5c5853a71f3238ee0a12e41_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Targets
-
-
Target
17e5f525e5c5853a71f3238ee0a12e41_JaffaCakes118
-
Size
113KB
-
MD5
17e5f525e5c5853a71f3238ee0a12e41
-
SHA1
f4bae783f1a5abae35c5ef8e6ad87bd1ed099004
-
SHA256
1e3818ca8b66cfae092f94e6a55c840759d28ac76d08bc5eb2b7e5f3b8c3ad73
-
SHA512
1fd3d915c9a1d6b6e57b941006b2d78a2fca2890fff401d15c7c35f634c59abf2b129ece39354872a0e2bbc80dc325be1781d8a616931aa48986a83f6a5b7096
-
SSDEEP
3072:kE7YdXFjJHu5puorSE5/fTNjliDs+TseWBy2D5:p7ITcFrSE5/LVlms+weWBBD
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1