General
Target: 1b6fdab88cea4620c9e5cde65361e914_JaffaCakes118
Size: 377KB
Sample: 240701-qg1ntatcqd
MD5: 1b6fdab88cea4620c9e5cde65361e914
SHA1: c6c7f637255b4193d7b9afe052b131d427b3cbbb
SHA256: e77808e699f1dfd6dae94a7efcf6f977417d27c42d5178b7b203638b58cd92fd
SHA512: e42a1e089de7bc37e9e8e90016e382abfdbeab6fbc908fb821d08b022ec20b07d8ba85203b401152b47b287344b61ced48461c3a9cb8a47c483f344dafdb077e
SSDEEP: 6144:CPUrKuc8ssVpIv4t3+h9omAjxFiOdZmzUac1oNNASIn76U+FmYyzdFi4M8We18B:C8rKucRSpKNhLAVFzD1oNW9nh+FngWeS
Behavioral task: behavioral1
Sample: 1b6fdab88cea4620c9e5cde65361e914_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: 1b6fdab88cea4620c9e5cde65361e914_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (7)
- Impair Defenses (4)
  - Disable or Modify Tools (3)
  - Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)