General
Target: 1b8fbf1b54ddb66967a1492c69c3c869_JaffaCakes118
Size: 128KB
Sample: 240701-q87lfayerr
MD5: 1b8fbf1b54ddb66967a1492c69c3c869
SHA1: 039b75395ec0f0995bed12195a9e50c8c2c7e06d
SHA256: c470d8998c598ded4464267d0a8b076b41e47503efac9e08f000f855702d6db3
SHA512: 8e78e6c01e7e06bd65f9de1a55cf2127b7627a5ea486dd3532c394de4c7ce8507690d5b291e48240c94c740f7cc929fb88f0983cca305bb39ef84584009a802d
SSDEEP: 3072:ixhTKNhqsaNc7htXjMIdP/oHhAdM2wDzxwBtt+Lo:ClKbqst7rTMwISdM2zBttl
Static task: static1
Behavioral task: behavioral1
Sample: 1b8fbf1b54ddb66967a1492c69c3c869_JaffaCakes118.exe
Resource: win7-20240508-en

Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 1b8fbf1b54ddb66967a1492c69c3c869_JaffaCakes118
Size: 128KB
MD5: 1b8fbf1b54ddb66967a1492c69c3c869
SHA1: 039b75395ec0f0995bed12195a9e50c8c2c7e06d
SHA256: c470d8998c598ded4464267d0a8b076b41e47503efac9e08f000f855702d6db3
SHA512: 8e78e6c01e7e06bd65f9de1a55cf2127b7627a5ea486dd3532c394de4c7ce8507690d5b291e48240c94c740f7cc929fb88f0983cca305bb39ef84584009a802d
SSDEEP: 3072:ixhTKNhqsaNc7htXjMIdP/oHhAdM2wDzxwBtt+Lo:ClKbqst7rTMwISdM2zBttl

Signatures
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
- Windows Service (1)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Impair Defenses (4)
- Disable or Modify Tools (3)
- Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)