General

Target: 1b6361d297f7566627fbdc7210f3677b_JaffaCakes118
Size: 100KB
Sample: 240701-p7rm6asglb
MD5: 1b6361d297f7566627fbdc7210f3677b
SHA1: 71e9a459b3411cdded8bde271768c30d3297d624
SHA256: 5e996c8d3e0698155e4cd5667b05bac6ba502768d6d52c55b4d4af946665835f
SHA512: a7b56512064e1dfeb2bdb419808a0d69746d1b1b7b28bd5a0c6351c9f84f3cd3f2cc1ae293255c620c451e375b32c4766aa625da89ee839e8b2f5251acf2c770
SSDEEP: 1536:iCFyYNLN3pH9IfzipfR6Za74OxXqHTg7sdwVJS/zbDJSqkH3Oe/Wk8NOISOXq:TgYNLNZdIfzip52jOOUsnFWHeXkvIS
Static task: static1
Behavioral task: behavioral1
Sample: 1b6361d297f7566627fbdc7210f3677b_JaffaCakes118.exe
Resource: win7-20240419-en
Malware Config (extracted)

Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets

Target: 1b6361d297f7566627fbdc7210f3677b_JaffaCakes118
Size: 100KB
MD5: 1b6361d297f7566627fbdc7210f3677b
SHA1: 71e9a459b3411cdded8bde271768c30d3297d624
SHA256: 5e996c8d3e0698155e4cd5667b05bac6ba502768d6d52c55b4d4af946665835f
SHA512: a7b56512064e1dfeb2bdb419808a0d69746d1b1b7b28bd5a0c6351c9f84f3cd3f2cc1ae293255c620c451e375b32c4766aa625da89ee839e8b2f5251acf2c770
SSDEEP: 1536:iCFyYNLN3pH9IfzipfR6Za74OxXqHTg7sdwVJS/zbDJSqkH3Oe/Wk8NOISOXq:TgYNLNZdIfzip52jOOUsnFWHeXkvIS
Signatures

- Modifies firewall policy service
- Disables RegEdit via registry modification (the DisableRegistryTools policy value under ...\Software\Microsoft\Windows\CurrentVersion\Policies\System, set to 1)
- Disables Task Manager via registry modification (the DisableTaskMgr policy value under the same Policies\System key, set to 1)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is the count of signatures mapped to it)

Privilege Escalation
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1

Defense Evasion
- Modify Registry (T1112): 5
- Impair Defenses (T1562): 4
  - Disable or Modify Tools (T1562.001): 3
  - Disable or Modify System Firewall (T1562.004): 1
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1