General
-
Target
17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118
-
Size
168KB
-
Sample
240627-yqqh7szfrp
-
MD5
17555e2385b38ef8f73ad76211e74fd1
-
SHA1
5183e4999d648d6ffbafc744a72f5c07301ef51d
-
SHA256
d9903b3f3f63da64acb7ec45ebc26b8239840c7efa29a20933d62bd2c28b3d67
-
SHA512
e04cc2fdf0e05807a3202905315bf1e564f2d108b23caeb160ab2c3cc8c188a4f1a2b59a09df3ff5cb473ff70b19b8d5f213d60b832b7b9e278ca6a8334b3a9b
-
SSDEEP
3072:Dxf026qbJ1y4GNq5jz+/YiMaY7lsSMsp7P+unkRYx5w:oqHGoq/TMFh1Mspi5n
Static task
static1
Behavioral task
behavioral1
Sample
17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
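The extracted Sality URL list above is the part of this report most useful for detection, since the file hashes only catch this exact sample while the infrastructure is shared across variants. The following added example (not part of the sandbox report) turns those URLs into a host indicator set and runs it over proxy and DNS log lines. The log lines and their format (`timestamp src GET url status` and `timestamp src DNS qtype qname`) are constructed for illustration; the www-stripping of `www.klkjwre9fqwieluoi.info` to also watch the bare domain is an assumption of this example, not something the report states.

```python
"""Match the Sality network indicators from this report against log lines.

Added example: the log lines below are constructed and are not from the
sandbox run. The URLs and hashes are copied from the report above.
"""
import hashlib
from urllib.parse import urlsplit

# URLs from the extracted Sality config.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# File hashes of the sample, as listed in the report.
SAMPLE_HASHES = {
    "md5": "17555e2385b38ef8f73ad76211e74fd1",
    "sha1": "5183e4999d648d6ffbafc744a72f5c07301ef51d",
    "sha256": "d9903b3f3f63da64acb7ec45ebc26b8239840c7efa29a20933d62bd2c28b3d67",
}

# Constructed log excerpt (not real traffic). Two line shapes:
#   <ts> <src> GET <url> <status>
#   <ts> <src> DNS <qtype> <qname>
PROXY_LOG = """\
2024-06-27T10:00:00Z 10.0.0.5 DNS A kukutrustnet888.info
2024-06-27T10:00:01Z 10.0.0.5 GET http://kukutrustnet888.info/home.gif 200
2024-06-27T10:00:02Z 10.0.0.7 GET http://example.com/index.html 200
2024-06-27T10:00:03Z 10.0.0.9 GET http://89.119.67.154/testo5/ 404
2024-06-27T10:00:04Z 10.0.0.7 DNS A KLKJWRE9FQWIELUOI.INFO
2024-06-27T10:00:05Z 10.0.0.7 GET http://www.kukutrustnet777.info.example.net/ 200
"""


def indicator_hosts(urls):
    """Lower-cased hosts (domains or IPs) from the config URLs.

    Assumption of this example: a 'www.' host also implies the bare domain.
    """
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname.lower()
        hosts.add(host)
        if host.startswith("www."):
            hosts.add(host[4:])
    return hosts


def host_matches(host, hosts):
    """True if `host` equals an indicator or is a subdomain of one.

    Suffix matching on a label boundary, so
    'www.kukutrustnet777.info.example.net' does NOT match 'kukutrustnet777.info'.
    """
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in hosts)


def scan_log(text, urls=SALITY_URLS):
    """Return (timestamp, src, host) for each line touching an indicator host."""
    hosts = indicator_hosts(urls)
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, src, kind = parts[0], parts[1], parts[2]
        if kind == "DNS":
            host = parts[4]
        else:
            host = urlsplit(parts[3]).hostname or ""
        if host_matches(host, hosts):
            hits.append((ts, src, host.lower()))
    return hits


def hashes_match(data: bytes) -> bool:
    """True if `data` has exactly the MD5/SHA1/SHA256 listed for this sample."""
    digests = {name: getattr(hashlib, name)(data).hexdigest() for name in SAMPLE_HASHES}
    return digests == SAMPLE_HASHES


if __name__ == "__main__":
    for ts, src, host in scan_log(PROXY_LOG):
        print(f"{ts} {src} -> {host}")
```

The DNS line is matched case-insensitively and the last constructed line is deliberately a look-alike host that must not fire, which is why the matcher compares on label boundaries instead of using a substring search.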
Targets
-
-
Target
17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118
-
Modifies firewall policy service
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (6)
- Impair Defenses (4)
  - Disable or Modify Tools (3)
  - Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)