General
- Target: 1aad60a78503b27e9fe602669f644d0e_JaffaCakes118
- Size: 120KB
- Sample: 240701-kt49wawbqp
- MD5: 1aad60a78503b27e9fe602669f644d0e
- SHA1: 02223caf5c4e97518ae4ed35dbf521ae95f3a9cc
- SHA256: 1ec910418b39b96929aac3a3d216e8b8c5c0861bca684554d12c9292b719ade8
- SHA512: a21e668da69f5d98a45ffaaa5dd2adcd1c38a1b40d0e34a96c328abdbd904a6cc2cd193112abd2ede16e14724529c0cc21abe9cac2988fcfff939eccb17fa53f
- SSDEEP: 3072:8cCgW2mWb8iXY+CVm+slOA/IKCvQbRLqm5KfnliNZ4tiU/:8cCGmWeVGAeMYz0flijK
Static task: static1
Behavioral task: behavioral1
- Sample: 1aad60a78503b27e9fe602669f644d0e_JaffaCakes118.exe
- Resource: win7-20240611-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 1aad60a78503b27e9fe602669f644d0e_JaffaCakes118
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
- Disable or Modify Tools: 3
- Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1