General
Target: 1d31d4f6c88a2f38d2750733df822fb6_JaffaCakes118
Size: 1.4MB
Sample: 240702-bcfqhsthlr
MD5: 1d31d4f6c88a2f38d2750733df822fb6
SHA1: 61c246104b2ab1d7e9e51d095b4d3924a675a0a0
SHA256: d959533c8ebd8f01b71f18724bb1d3e4b56f1cae10b42e9646fbae252bcf08df
SHA512: b2f8168b174d7b4767c019cc3ef7ff9017b6d68d2b6e5c5fab527e08bb02d0b2bd89cb748430e74a2ea8ead0fdc25e8971cabd408b36609b99c7c4022aaf008f
SSDEEP: 24576:CHkvKha8vcsqLGu9BBdmZr3ndDkd9f+Vjz4nIrICWvuS3G8r/6TyBRzWxPsB24aq:C6Kdv8ukCtM2Irvz3tryuBwxU2QaSp
Static task: static1
Behavioral task: behavioral1
  Sample: 1d31d4f6c88a2f38d2750733df822fb6_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 1d31d4f6c88a2f38d2750733df822fb6_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 1d31d4f6c88a2f38d2750733df822fb6_JaffaCakes118
Size: 1.4MB
MD5: 1d31d4f6c88a2f38d2750733df822fb6
SHA1: 61c246104b2ab1d7e9e51d095b4d3924a675a0a0
SHA256: d959533c8ebd8f01b71f18724bb1d3e4b56f1cae10b42e9646fbae252bcf08df
SHA512: b2f8168b174d7b4767c019cc3ef7ff9017b6d68d2b6e5c5fab527e08bb02d0b2bd89cb748430e74a2ea8ead0fdc25e8971cabd408b36609b99c7c4022aaf008f
SSDEEP: 24576:CHkvKha8vcsqLGu9BBdmZr3ndDkd9f+Vjz4nIrICWvuS3G8r/6TyBRzWxPsB24aq:C6Kdv8ukCtM2Irvz3tryuBwxU2QaSp
Score: 10/10
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext