General
Target: 19caf51c1161d99b0f5453668e5265fc_JaffaCakes118
Size: 424KB
Sample: 240628-mjw7maxdjm
MD5: 19caf51c1161d99b0f5453668e5265fc
SHA1: 15338beba32365ff867d243aa29b11d105ffe270
SHA256: 66beb71e9151230ffd900a01bb2996ec7ff2d58c612c4d668eee5521dd1dc723
SHA512: 7660cafd72de646d4a0955bec3b37ded9d790a35002b33189195001c262f3cf1e30b4b7b95f1ca3b7fc92e60096d377b7806fb73f4edda35e23cf3278bda54fd
SSDEEP: 12288:lutrzh7xOXkFBQ1LBATkEZR6gSQwiY3HS6m+KCk:lutrbOUFMAAEvLwfiYo
Static task: static1
Behavioral task: behavioral1
Sample: 19caf51c1161d99b0f5453668e5265fc_JaffaCakes118.exe
Resource: win7-20240419-en
Malware Config
Extracted: sality
Targets
Target: 19caf51c1161d99b0f5453668e5265fc_JaffaCakes118
- Modifies firewall policy service
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)