General
Target: 1abbbd5011b098c1396619c72f90c510_JaffaCakes118
Size: 100KB
Sample: 240701-k8n67swgrj
MD5: 1abbbd5011b098c1396619c72f90c510
SHA1: 35d49f3f00ec3afe20b99a3682ab95c57e366fbe
SHA256: 6d10a32d17d3dde38377df2b1c6718f9892cb5a032cb41a6a288edb6feac2448
SHA512: afee1c3c57225da1fc1756e2e0446100d2a1d723480daf841f10e1f863fcbd6abb780406b92429bdb6d58e81d5f99fc7c66837d1c755f6c264314ceadb047380
SSDEEP: 3072:8UF1EPV2yhrycaSo7RrB9DzmWv/By+UtIYeUw1X+:8UFMV2ydNo7hrmybee
Static task: static1
Behavioral task: behavioral1
Sample: 1abbbd5011b098c1396619c72f90c510_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted family: sality
URLs from the extracted configuration:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 1abbbd5011b098c1396619c72f90c510_JaffaCakes118
Size: 100KB
MD5: 1abbbd5011b098c1396619c72f90c510
SHA1: 35d49f3f00ec3afe20b99a3682ab95c57e366fbe
SHA256: 6d10a32d17d3dde38377df2b1c6718f9892cb5a032cb41a6a288edb6feac2448
SHA512: afee1c3c57225da1fc1756e2e0446100d2a1d723480daf841f10e1f863fcbd6abb780406b92429bdb6d58e81d5f99fc7c66837d1c755f6c264314ceadb047380
SSDEEP: 3072:8UF1EPV2yhrycaSo7RrB9DzmWv/By+UtIYeUw1X+:8UFMV2ydNo7hrmybee
Signatures
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
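The signatures above are host-observable, so a responder can check a suspect machine for the same traces. The following PowerShell script is an added example written for this page; it is not part of the sandbox report and not code from the sample. It assumes Windows PowerShell 5.1 (for Get-CimInstance, the -in operator and Service.StartType), that it runs in the session of the user whose HKCU hive the sample would have written, and that the report's "Modifies firewall policy service" signature corresponds to the standard Windows Firewall service (MpsSvc) and its FirewallPolicy registry profiles; that mapping is an assumption, not something the report states. Registry paths and value names are the documented Windows policy locations, nothing sample-specific is hard-coded.

```powershell
# Added example: triage a host for the registry and filesystem indicators the
# report lists (RegEdit/Task Manager disabled, firewall policy changed,
# autorun.inf dropped on attached volumes). Not the sandbox's or the sample's code.

$findings = @()

# 1. RegEdit / Task Manager disabled. A non-zero DWORD named DisableRegistryTools
#    or DisableTaskMgr under the Explorer policy key disables the tool for that
#    scope; the per-user (HKCU) key is the one a non-elevated infection can write.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        $v = $props.$name
        if ($null -ne $v -and $v -ne 0) {
            $findings += [pscustomobject]@{ Indicator = "$name=$v"; Location = $key }
        }
    }
}

# 2. Firewall tampering (assumed mapping of "Modifies firewall policy service"):
#    the Windows Firewall service stopped/disabled, or EnableFirewall=0 written
#    into any firewall profile under the SharedAccess service parameters.
$svc = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
if ($null -eq $svc -or $svc.StartType -eq 'Disabled' -or $svc.Status -ne 'Running') {
    $findings += [pscustomobject]@{ Indicator = 'MpsSvc not running or disabled'; Location = 'services' }
}
$fwPolicy = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $p = Join-Path $fwPolicy $profile
    if (Test-Path $p) {
        $ef = (Get-ItemProperty -Path $p).EnableFirewall
        if ($null -ne $ef -and $ef -eq 0) {
            $findings += [pscustomobject]@{ Indicator = 'EnableFirewall=0'; Location = $p }
        }
    }
}

# 3. autorun.inf in the root of attached volumes. The report says the sample
#    enumerates drives other than C: and drops autorun.inf; check removable (2),
#    fixed (3) and network (4) drives, including C: so a local drop is not missed.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk | Where-Object { $_.DriveType -in 2, 3, 4 }
foreach ($d in $drives) {
    $inf = Join-Path $d.DeviceID 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        $findings += [pscustomobject]@{ Indicator = 'autorun.inf present'; Location = $inf }
    }
}

if ($findings.Count -eq 0) {
    'No Sality-style host indicators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM and service checks succeed; run it a second time as the affected user if that user is not the one elevating. A hit on any of these indicators is evidence of tampering, not a cleanup: Sality is a file infector, so a host that shows these traces needs a full scan of its executables rather than just having the policy values reset.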
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1) [T1543.003]
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1) [T1548.002]
Defense Evasion
- Modify Registry (5) [T1112]
- Impair Defenses (4): Disable or Modify Tools (3) [T1562.001], Disable or Modify System Firewall (1) [T1562.004]
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1) [T1548.002]