General
Target: 20291e95a785699a6d8984ad5c007a7d_JaffaCakes118
Size: 699KB
Sample: 240702-vsm93sxarj
MD5: 20291e95a785699a6d8984ad5c007a7d
SHA1: 5235fd1e13ae7d352881fec0d67364b171592634
SHA256: c5ba9e37c0074db170b67a7aaee205ef5c42860afb7b2ba39c48f817439c1d30
SHA512: dbab86649ce5d764584b3a0f9943f82d146be577a67ec0259ca097841fe57ba67d9843cebc4e7b46a57b77759e33a243e81b0b9043515af0fe7e04121ae07464
SSDEEP: 12288:0NcbhMgr6HwUAJXFKgPR0xH/6G0znMXbXfF32ikcb/ySis065Tbot2H0SNk1:0N6hfGuXPM/HCqbXt3rlbKSis0sb/HNi
Static task: static1
Behavioral task: behavioral1
Sample: 20291e95a785699a6d8984ad5c007a7d_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 20291e95a785699a6d8984ad5c007a7d_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 20291e95a785699a6d8984ad5c007a7d_JaffaCakes118
Score: 10/10
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext