General

Target: 181283c3e130b102c86e6ef049d0071a_JaffaCakes118
Size: 713KB
Sample: 240628-ag4sgasfrn
MD5: 181283c3e130b102c86e6ef049d0071a
SHA1: e58e8eac541416c306f8edb0b8d9821cc0690bf7
SHA256: 93a3d616794bbc999144bf30e2189c84b8a2b89c3c27cc08151103062a37d259
SHA512: ebbbf9bed204ca27379a1cac0d1bb8aaaa701bdf0e11b2d0b7d70200aa88173ee113d17fdc6962425b8ac0ea68d684ee534c42956947f9b7c8f42d78c12f6e61
SSDEEP: 12288:+kfeLRmTb7mevlEure1m1+gPhQSVCSLzlwqzmHtc9UTD+eEsjfCh:ucj1vyure1m1+gJQSV1XlJCHtcaumr
Static task: static1

Behavioral task: behavioral1
Sample: 181283c3e130b102c86e6ef049d0071a_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 181283c3e130b102c86e6ef049d0071a_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets

Target: 181283c3e130b102c86e6ef049d0071a_JaffaCakes118
Score: 10/10

- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext