General
Target: 16e597227f56c8c7cdd4a26433e29c7f_JaffaCakes118
Size: 138KB
Sample: 240627-v7qnravapj
MD5: 16e597227f56c8c7cdd4a26433e29c7f
SHA1: f3ca7f026cb439e370a091c336e057dd5df8c429
SHA256: 54f5cf1904ea304b837d4f9f95b772d0e49d4d1c110f87fbff1c7b8a2a3fb370
SHA512: 8287c85aa518b3fa0347fe1dc257d56bf14e407b3db53d3f7b8c79b18921295c67e045c5e04fee8da31d6706a3f25b68760c280769b3f9f77a21507e16691917
SSDEEP: 3072:zAK0CBezOU+8isBve4bF3u5jwaaHw7Koj4rISPcogH+f6C:83z+svb1uzSNiC
Static task: static1
Behavioral task: behavioral1
Sample: 16e597227f56c8c7cdd4a26433e29c7f_JaffaCakes118.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: 16e597227f56c8c7cdd4a26433e29c7f_JaffaCakes118 (138KB; MD5, SHA1, SHA256, SHA512 and SSDEEP hashes identical to those listed under General above)
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)