General
-
Target
1a6f813835f8c8ae830280b0b7eec1c6_JaffaCakes118
-
Size
100KB
-
Sample
240628-rkgksawhlk
-
MD5
1a6f813835f8c8ae830280b0b7eec1c6
-
SHA1
27457377193246c1e17335ff76ce2631623b1600
-
SHA256
d26455931c6f6f468c7f32c6b1aaf93fb03fd91f768e557a627026e1211c5a1e
-
SHA512
e87f8d94e7df2372f8420649351f7478fca46b7a664dd0d834f94ecc7578ef97e10b517b2e3a625a24f089d3e20d289d696f02e9875a006fb25b16ea30a588c5
-
SSDEEP
1536:/lqp4iOpL8LoF6kAVmyGrrnQmAUhPRJrdiBgnWqqcgrdZi4EInu:/lqei/HkAhG3nQS3menBqcSfn
Static task
static1
Behavioral task
behavioral1
Sample
1a6f813835f8c8ae830280b0b7eec1c6_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
sality
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1