General
-
Target
a3c0870cf6e4ca6e43d78a64e6b87c5c_JaffaCakes118
-
Size
142KB
-
Sample
240613-ehm9bstcph
-
MD5
a3c0870cf6e4ca6e43d78a64e6b87c5c
-
SHA1
5704e05575d026a1c87d1496a9c63d5979ad9e39
-
SHA256
291dd0928569306e54b7ff9fc217bf704d646960fe1ec25a7cc431e4af6874e4
-
SHA512
d31745d4deb5a89aa5ef8c6d46a73738dbead525072c20cc55e5e25d7f1a22de031f26925942209c4b6f3f48414df57fcc169c1b61fde2119bb2c8fca7d7eb18
-
SSDEEP
3072:DJMawtnGqtWoKeZC62aoNUSFcsCDFgfBS:3w9vteQJYUGcPO
Malware Config
Targets
-
-
Target
a3c0870cf6e4ca6e43d78a64e6b87c5c_JaffaCakes118
-
Size
142KB
-
MD5
a3c0870cf6e4ca6e43d78a64e6b87c5c
-
SHA1
5704e05575d026a1c87d1496a9c63d5979ad9e39
-
SHA256
291dd0928569306e54b7ff9fc217bf704d646960fe1ec25a7cc431e4af6874e4
-
SHA512
d31745d4deb5a89aa5ef8c6d46a73738dbead525072c20cc55e5e25d7f1a22de031f26925942209c4b6f3f48414df57fcc169c1b61fde2119bb2c8fca7d7eb18
-
SSDEEP
3072:DJMawtnGqtWoKeZC62aoNUSFcsCDFgfBS:3w9vteQJYUGcPO
Score6/10-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1