General
- Target: 1b385acda7bc7cccbd8fd350cba27eb3_JaffaCakes118
- Size: 100KB
- Sample: 240701-n6nz7szgrd
- MD5: 1b385acda7bc7cccbd8fd350cba27eb3
- SHA1: 07d521ae6cf00a6d9a584d2aacbbc11c0a5619e6
- SHA256: 047130f93189a324ac83139ce1c50e293f44a15490e20763aff8596c654cd63c
- SHA512: 381a21b8481c3a92a0f829f94a79f283af59d59f6c378e25ce25a02a792d30ad30bb9bbff57f8143281e55fa41ec2a2fdbe98515518eaec5a2be798f10d2822c
- SSDEEP: 3072:z1LkM15OZp74sWtngnAb0+BIL8phNVnkBQbLCuDu7k:VkM15G74U+BILotkabLCiu
Static task: static1
Behavioral task: behavioral1
Sample: 1b385acda7bc7cccbd8fd350cba27eb3_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted family: sality
C2 URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 1b385acda7bc7cccbd8fd350cba27eb3_JaffaCakes118
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1

Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
  - Disable or Modify Tools: 3
  - Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1