General

Target: 159f90d0509b218f3d15d1d5fb32385e_JaffaCakes118
Size: 600KB
Sample: 240627-marksawckc
MD5: 159f90d0509b218f3d15d1d5fb32385e
SHA1: 94768dcaee022019f876293a222eaa57d7e9d4a6
SHA256: c825a1cac47c348f08ffbcb4f10c3d5a1f3505d1c97245c3b2808b4ff3ec0a7f
SHA512: 444e5ed931f538311a347b469930fa9c3fedc75ee37affc855df09a96ed3bf0d48371aa34a2ac87a6bd309f84d9e968577b2cb9d7c8b7607153fafa9178f1123
SSDEEP: 12288:T31YUfnn4/2Ywhh5tH6Q4CvPybjdFoDI86tABMr:OAjHH2CvPynPt8H
Static task: static1

Behavioral task: behavioral1
Sample: 159f90d0509b218f3d15d1d5fb32385e_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 159f90d0509b218f3d15d1d5fb32385e_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config

Extracted family: latentbot
C2 hosts (extracted from the sample's configuration):
Targets

Target: 159f90d0509b218f3d15d1d5fb32385e_JaffaCakes118
Score: 10/10

Signatures
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (3): Registry Run Keys / Startup Folder (2), Active Setup (1)
- Pre-OS Boot (1): Bootkit (1)

Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (3): Registry Run Keys / Startup Folder (2), Active Setup (1)