General
Target: 1b92a5cabb819c864f03ca18d3428165_JaffaCakes118
Size: 1.1MB
Sample: 240701-rbzp1avhje
MD5: 1b92a5cabb819c864f03ca18d3428165
SHA1: a56bdc7707ccdf5dfcf6e9769bb98e825020cb77
SHA256: 9212306dc1b5e72d9c1a4b582a31b14e083147a106d69b93758ddcba7b5f5a84
SHA512: 9b7ddd59436ae58eb0db59ac6169890a3f5b95d11c7ecf6caf8c3e295efac351154fdd495ec4ce0009651e862935731919b6185f4691f865f77365e74402a472
SSDEEP: 24576:EeOnGK9VFU+RbTuTXaq5vAzr3TGqSv7Gu57m+zV5ML:cn11TuTXb5Azr3TGLn566ML
Static task: static1
Behavioral task: behavioral1
  Sample: 1b92a5cabb819c864f03ca18d3428165_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1b92a5cabb819c864f03ca18d3428165_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 1b92a5cabb819c864f03ca18d3428165_JaffaCakes118
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Pre-OS Boot (1)
  - Bootkit (1)