General
- Target: 1b20af19468f2385be2da8436febb0ac_JaffaCakes118
- Size: 156KB
- Sample: 240701-nmpgmasdnm
- MD5: 1b20af19468f2385be2da8436febb0ac
- SHA1: 496ea51803ff20573208403f8cedaa28831d1fc1
- SHA256: 5724dff81bdade2b6fe5e858b73421f8f1b1d9aca48dfffce8f5cc18cfcfb8b5
- SHA512: 2c612cb9ebfdc59c76c228f29d2af703a4edb0e5e5337cec23ce19b21af117d449f18f172da02b0a3b68a905086f7c7b7bfeee1f811484b19af575f1d17736e1
- SSDEEP: 3072:lGttwyTViRa7B7xtAYC5jwZgFRnnMbabYwN4jYvhY6:lGXwyRN71xmnhwybnMs
Static task: static1
Behavioral task: behavioral1
- Sample: 1b20af19468f2385be2da8436febb0ac_JaffaCakes118.dll
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 1b20af19468f2385be2da8436febb0ac_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)