General
-
Target
1a846bcdaf37342e5fac5baef98e9ae9_JaffaCakes118
-
Size
502KB
-
Sample
240701-jtq7kstdmj
-
MD5
1a846bcdaf37342e5fac5baef98e9ae9
-
SHA1
e3d37c757d9b50c3a06f66df4803c7a5091d909a
-
SHA256
155e07495229f1426dfaaf45e794afe2bbd7fda7f6b9e467e0449ae8961ea8e7
-
SHA512
82199e252dc1f5e3d53c7db41a3f47ccac9302bd35e02b7061470f3420e07026f8a44419e57c47645f52599215603f9346e0de444d7746b2a086da0e266cea8e
-
SSDEEP
6144:jmDI1LnqsuP1yMpSKHaqyQXSEpSC5Rdh/vGsztc5K6AT:d5qJoMwqLZhflztc5K6AT
Static task
static1
Behavioral task
behavioral1
Sample
1a846bcdaf37342e5fac5baef98e9ae9_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
1a846bcdaf37342e5fac5baef98e9ae9_JaffaCakes118
-
Size
502KB
-
MD5
1a846bcdaf37342e5fac5baef98e9ae9
-
SHA1
e3d37c757d9b50c3a06f66df4803c7a5091d909a
-
SHA256
155e07495229f1426dfaaf45e794afe2bbd7fda7f6b9e467e0449ae8961ea8e7
-
SHA512
82199e252dc1f5e3d53c7db41a3f47ccac9302bd35e02b7061470f3420e07026f8a44419e57c47645f52599215603f9346e0de444d7746b2a086da0e266cea8e
-
SSDEEP
6144:jmDI1LnqsuP1yMpSKHaqyQXSEpSC5Rdh/vGsztc5K6AT:d5qJoMwqLZhflztc5K6AT
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1