General
Target: 1a4e0616d3bb6faaae67c2b9655b3691_JaffaCakes118
Size: 792KB
Sample: 240628-qr8geasbjb
MD5: 1a4e0616d3bb6faaae67c2b9655b3691
SHA1: 1063f0d26a161d91dec14755a65862be23f4d011
SHA256: 86584928126b210987919b533525f52937b87a2877130a39d456a37ccb9ee828
SHA512: 5d76bd1801a66e51d326aabc15e7fb3464590726101e72789917d287b1c5eb1afe48c4be5933f46091f555e5b7f918cb164eabfba77a131af2c92e37e3402c58
SSDEEP: 12288:FEnnhoUxDJKzPNZeO+2HBtIEMt/4FylEQKvC9ss+jJwdmDHif/uuhbJ2XyiCyai:JQaZx+2jIE0/jGgPghTspJ2kyn
Behavioral task
behavioral1
Sample
1a4e0616d3bb6faaae67c2b9655b3691_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 1a4e0616d3bb6faaae67c2b9655b3691_JaffaCakes118
-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 2
Windows Service: 2
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 2
Windows Service: 2
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1