General
Target: 198c3d7beef8f5107eb884dd35a6bf07_JaffaCakes118
Size: 91KB
Sample: 240628-ky5ffa1dpg
MD5: 198c3d7beef8f5107eb884dd35a6bf07
SHA1: fedc3200cac20e80ec712b9a72346540cff454ef
SHA256: cef6fb469154c9805fa9ca778a7919840695f9bc074e1d2e484d0c8dcb70cfe3
SHA512: 3a8a1123d8b7b0ddad271191985858be23591976887a54a7215e3ad78fcdd9e9d8ba0041d31e873c1231b42a58d83f867040cb96171e12b21f09ccd1435fde2a
SSDEEP: 1536:duteSLtAYHRNGu2+NICv3DU3ei1tE7jwaaHw7Koj4rL/OpNGiY:IY8tHHRNGV+eCfkLgjwaaHw7Koj4rK
Static task: static1
Behavioral task: behavioral1
Sample: 198c3d7beef8f5107eb884dd35a6bf07_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Targets
Target: 198c3d7beef8f5107eb884dd35a6bf07_JaffaCakes118
Size: 91KB
MD5: 198c3d7beef8f5107eb884dd35a6bf07
SHA1: fedc3200cac20e80ec712b9a72346540cff454ef
SHA256: cef6fb469154c9805fa9ca778a7919840695f9bc074e1d2e484d0c8dcb70cfe3
SHA512: 3a8a1123d8b7b0ddad271191985858be23591976887a54a7215e3ad78fcdd9e9d8ba0041d31e873c1231b42a58d83f867040cb96171e12b21f09ccd1435fde2a
SSDEEP: 1536:duteSLtAYHRNGu2+NICv3DU3ei1tE7jwaaHw7Koj4rL/OpNGiY:IY8tHHRNGV+eCfkLgjwaaHw7Koj4rK

- Modifies WinLogon for persistence: changes values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Shell or Userinit) so that the payload is launched at every interactive logon (ATT&CK T1547.004, Winlogon Helper DLL).
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments, typically the SystemManufacturer, SystemProductName and BIOSVendor values under HKLM\HARDWARE\DESCRIPTION\System\BIOS, which carry hypervisor strings such as "VMware", "VirtualBox" or "QEMU" inside a virtual machine.
- Checks computer location settings: looks up the country code configured in the registry (commonly the Nation value under HKCU\Control Panel\International\Geo), likely a geofence that stops execution in regions the operator wants to avoid.
- Drops startup file: writes a file into a Startup folder so that it is launched at logon (ATT&CK T1547.001).
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot: adds entries under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal or \Network so that the payload also runs when the machine is booted into Safe Mode, where most security products are not started (ATT&CK T1562.009).
- Loads dropped DLL
- Adds Run key to start application: writes a value under a Software\Microsoft\Windows\CurrentVersion\Run key (ATT&CK T1547.001).
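The persistence and Safe Mode signatures above all map to fixed registry and file-system locations, so a responder can check a suspect host for the same footholds. The script below is an added triage example; it is not part of the sandbox report and is not derived from the sample. It assumes a Windows host and an elevated PowerShell session, and the baseline it uses (the default Winlogon Shell and Userinit values, and a "user-writable path" regex for AppData, Temp, ProgramData and Users\Public) is the example's own heuristic rather than anything the report states.

```powershell
# Added triage script (not from the sandbox report, not derived from the sample).
# Audits the autostart and Safe Mode locations that the report's signatures
# refer to. Assumes a Windows host and an elevated PowerShell session.
function Find-AutostartAnomalies {
    $findings = New-Object System.Collections.Generic.List[string]

    # Heuristic (assumption): commands launched from these locations deserve a look.
    $suspiciousPath = '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'

    # 1. Winlogon persistence (T1547.004): Shell and Userinit should hold only
    #    their default values on a standard workstation (assumed baseline).
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $defaults = @{
        'Shell'    = 'explorer.exe'
        'Userinit' = "$env:SystemRoot\system32\userinit.exe,"
    }
    $wl = Get-ItemProperty -Path $winlogon
    foreach ($name in $defaults.Keys) {
        $value = $wl.$name
        if ($value -and $value.Trim() -ine $defaults[$name]) {
            $findings.Add("Winlogon\$name modified: '$value'")
        }
    }

    # 2. Run / RunOnce keys (T1547.001): flag commands pointing at user-writable paths.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata properties
            if ("$($p.Value)" -match $suspiciousPath) {
                $findings.Add("Run key $key\$($p.Name) -> $($p.Value)")
            }
        }
    }

    # 3. Safe Mode Boot (T1562.009): each subkey under SafeBoot\Minimal or \Network
    #    names a service, driver or device class that is allowed to start in Safe
    #    Mode. Resolve entries that are services and flag those whose ImagePath
    #    points at a user-writable location; also flag subkey names that look like
    #    file paths, which Windows itself never puts here.
    foreach ($mode in 'Minimal', 'Network') {
        $sb = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        Get-ChildItem -Path $sb -ErrorAction SilentlyContinue | ForEach-Object {
            $name = $_.PSChildName
            $svc  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
            if (Test-Path $svc) {
                $img = (Get-ItemProperty -Path $svc -ErrorAction SilentlyContinue).ImagePath
                if ($img -and "$img" -match $suspiciousPath) {
                    $findings.Add("SafeBoot\$mode service '$name' runs from: $img")
                }
            }
            elseif ($name -match '(?i)\.exe$|\\') {
                $findings.Add("SafeBoot\$mode non-standard entry: $name")
            }
        }
    }

    # 4. Startup folder drops (also T1547.001): list everything except desktop.ini.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ine 'desktop.ini' } |
            ForEach-Object { $findings.Add("Startup folder item: $($_.FullName)") }
    }

    return $findings
}

$result = Find-AutostartAnomalies
if ($result.Count -eq 0) { 'No autostart or Safe Mode anomalies found.' } else { $result }
```

The Winlogon and Safe Mode checks are the ones worth running first: a Run key entry is noisy and common, but a changed Userinit or Shell value, or a SafeBoot entry whose service binary lives under AppData, is almost never legitimate and corresponds directly to the "Modifies WinLogon" and "Impair Defenses: Safe Mode Boot" signatures in the report.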
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1