General
-
Target
1a466065bc9997c4757e4739ed07fb42_JaffaCakes118
-
Size
243KB
-
Sample
240628-qle8nsvark
-
MD5
1a466065bc9997c4757e4739ed07fb42
-
SHA1
ede4dcfa02f62dd2f5de5e7987cbe64871ee2f66
-
SHA256
d340f8163f599b8f52eda452caf625c2036db62d4eca7e5bca8f7b095a1edcde
-
SHA512
e29cc862a941d667b0af0bb7c84815392bc9bc904e65d2ed0eb1de1bfcf216dd7e7e1579680bc1c2647a4e50aadaa9c57ba7e52fa55db284c5acd756e9fad077
-
SSDEEP
6144:QFLFE+xd3Fyprbf6ZJr8DPBUDthcOWpa0pBRi08Y6:QPd1kcF8NUDjcOWpaabis
Behavioral task
behavioral1
Sample
1a466065bc9997c4757e4739ed07fb42_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)