General
-
Target
1aa5151b279daf77362b36a8dc54ee63_JaffaCakes118
-
Size
300KB
-
Sample
240701-kmbzrasaqb
-
MD5
1aa5151b279daf77362b36a8dc54ee63
-
SHA1
b7f7bfaf32f9cf25b31d035bfe9c2441e9beff6e
-
SHA256
0af199e71e949ab31fc0051bdcec3dd76a8b2d27ef190a662b2ba18c8a166dbc
-
SHA512
d7cdc4eee7ee273f1eb747aeffc2f45d73b7c33ed039f6eb40be78c97d4f94aaa8668b4909bddefaddf32441ab3ea15fbebaa8266dcd59f679b59ea1948c2757
-
SSDEEP
3072:d6qdBeR3o5vT0o4mpM7RZfHDgtJtfMTIU6hQs/DYcmVS/57uqoPCiJ9+i648qGjo:RBeSRTqjfHYL0+scVprZ4DEFkQzW04
Static task
static1
Behavioral task
behavioral1
Sample
1aa5151b279daf77362b36a8dc54ee63_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
1aa5151b279daf77362b36a8dc54ee63_JaffaCakes118
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1