General
Target: 19b9be7e130420cef0af652b7b60844e_JaffaCakes118
Size: 90KB
Sample: 240628-l3wvjatcqh
MD5: 19b9be7e130420cef0af652b7b60844e
SHA1: d54f2501f344721818d1b84c8ff8a06bda0769bb
SHA256: 1ae260e5589bdc78cea5f1f3fd72944a539000e08c5c3b63b5982d3f35826c68
SHA512: e07004e0986ab07d7d7fa96bea1217d0e3bd4f390867af9fa4cf1ce10560ac869b24b4a46abbf93c30b0e013258261e8735bf0324492d90466d6c39bba3c673e
SSDEEP: 1536:s4bklXFxdOdIwlB59qZLaPxWZx59tG1UTbDwj24xjaW1LbdAfsP6QxvU5jqJbc:s4bUp81r5WixCtG1iDU2cawWEny52JY
Static task: static1
Behavioral task: behavioral1
Sample: 19b9be7e130420cef0af652b7b60844e_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
sality
Targets
Modifies firewall policy service
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Modify Registry (5)
  Impair Defenses (4)
    Disable or Modify Tools (3)
    Disable or Modify System Firewall (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)