General

Target: 180585584c14d9afbaa0670fad166c5f_JaffaCakes118
Size: 832KB
Sample: 240627-3x82cazbkd
MD5: 180585584c14d9afbaa0670fad166c5f
SHA1: 500b7099db374c718f3fd3a399750ad44bb74138
SHA256: 9e19c4b9e6c9e8715b20a36bdfda405ca12cfd26adb1ec6316a4f7256c60884b
SHA512: 4d685d7e7fb4a868d7cc622209c14e1f3a862b34aa0b13d4aca02ce5fce2278a5ed1e1ba89c7255f5ccf0c1f608bde1a55de527b6855ffa587743b3552c91e44
SSDEEP: 12288:tPTv+CFW4hPdahP/RN2kU7fWS36pweWGJr619QV4qqxEnEk3D6qC5Uju80rv1mNs:tPSH4hQP/RN2fLqNK9QV4qBH1edefKP
Static task: static1
Behavioral task: behavioral1
Sample: 180585584c14d9afbaa0670fad166c5f_JaffaCakes118.dll
Resource: win7-20240220-en
Malware Config (extracted)

Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
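The hashes and config URLs above are the indicators a responder would sweep for. The following is an added example (not part of the sandbox report, and not Sality's own code) that turns them into a hunting set: it reduces the URLs to hostnames/IPs, matches proxy log lines against them with a suffix check that does not fire on look-alike domains such as kukutrustnet777.info.example.net, and hashes file bytes for comparison with the sample. The log format and log lines are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above: the sample's hashes and the URLs
# pulled out of the extracted Sality config.
SAMPLE_HASHES = {
    "md5": "180585584c14d9afbaa0670fad166c5f",
    "sha1": "500b7099db374c718f3fd3a399750ad44bb74138",
    "sha256": "9e19c4b9e6c9e8715b20a36bdfda405ca12cfd26adb1ec6316a4f7256c60884b",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Constructed proxy log (not from the report): "<epoch> <client> <method> <url> <status>".
# Line 4 is a deliberate look-alike whose registrable domain is NOT a C2 domain.
SAMPLE_LOG = """\
1719500000.123 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200
1719500001.456 10.0.0.5 GET http://www.example.com/index.html 200
1719500002.789 10.0.0.9 GET http://89.119.67.154/testo5/ 404
1719500003.000 10.0.0.7 GET http://kukutrustnet777.info.example.net/ 200
1719500004.500 10.0.0.5 GET http://www.klkjwre9fqwieluoi.info/ 200
""".splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def c2_hosts(urls):
    """Reduce the config URLs to the set of hostnames / IPs to hunt for."""
    return {urlsplit(u).hostname.lower() for u in urls}


def is_c2_host(host, hosts):
    """Exact match or a subdomain of a C2 host; 'c2.info.example.net' does not count."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in hosts)


def hunt(log_lines, hosts=None):
    """Return (client, host, url) for every log line that contacted a C2 host."""
    hosts = c2_hosts(C2_URLS) if hosts is None else hosts
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the sweep
        host = urlsplit(m["url"]).hostname
        if host and is_c2_host(host, hosts):
            hits.append((m["src"], host, m["url"]))
    return hits


def hash_bytes(data):
    """The three hash types the report lists, computed over a file's raw bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data):
    """True if the bytes hash to this report's sample under any listed algorithm."""
    h = hash_bytes(data)
    return any(h[alg] == digest for alg, digest in SAMPLE_HASHES.items())


if __name__ == "__main__":
    for client, host, url in hunt(SAMPLE_LOG):
        print(f"C2 contact: {client} -> {host} ({url})")
```

The suffix check matches a host only when it equals a C2 host or ends in "." followed by one, so a subdomain of a C2 domain is flagged while a domain that merely starts with the C2 name is not. Note that Sality is a file infector: a clean copy of an infected host binary will not match these hashes, so the hash check is only useful against the dropped sample itself.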
Targets

Target: 180585584c14d9afbaa0670fad166c5f_JaffaCakes118
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence:
- Boot or Logon Autostart Execution, T1547 (1): Winlogon Helper DLL, T1547.004 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)

Privilege Escalation:
- Boot or Logon Autostart Execution, T1547 (1): Winlogon Helper DLL, T1547.004 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)