General
Target: 1b47a070106c88c4b0c2e0901d989e3c_JaffaCakes118
Size: 120KB
Sample: 240701-phyeea1emg
MD5: 1b47a070106c88c4b0c2e0901d989e3c
SHA1: 3bb007059cca038e9266e5e08ff1711e981feccd
SHA256: d6585dcf190836833364f87f6a154e32def70e5cbe26f6910166851c35987a34
SHA512: 6189ab8671e7545696bbed09d1e8611e4e1af9154e6feddc36c4963b29095b2b0417aecb7b096c46f60f37cba5a5bfeb7bf5690db5ad0ecf080c0e9a8cd83fdd
SSDEEP: 3072:dFGPNfa6dSDHuFg3x9j2vNx4yhlo3clk21SwKzRMR:d+9+60yBZ1Sw
Static task: static1
Behavioral task: behavioral1
Sample: 1b47a070106c88c4b0c2e0901d989e3c_JaffaCakes118.dll
Resource: win7-20240611-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: 1b47a070106c88c4b0c2e0901d989e3c_JaffaCakes118
Size: 120KB
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
  - Disable or Modify Tools: 3
  - Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1