General
Target: 1b9dbe6560472bdd6a273ca159bd7ac4_JaffaCakes118
Size: 284KB
Sample: 240701-rmcplszcmr
MD5: 1b9dbe6560472bdd6a273ca159bd7ac4
SHA1: 95f8e28a34dad8f3be4f6e5cf54530af3960fd67
SHA256: e8f7e4061eb0e9fd2a5c5e369ed43acad7d7490d3eb36906d19c796b7a35d2c4
SHA512: bdec3b5f2872547fbe093f10ddbcffe71467ba4c0e020e7bbc5b93348b273781e1a31cb89fd1538dfd757443765d7b430afb707b1815ee1d2fe66a5be5da6037
SSDEEP: 6144:wtZCEapmbxpGaDeRchjq5MGVS4o8erPGs:wtZCxgpGS5hjqtVxGus
Static task: static1
Behavioral task: behavioral1
Sample: 1b9dbe6560472bdd6a273ca159bd7ac4_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 1b9dbe6560472bdd6a273ca159bd7ac4_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 1b9dbe6560472bdd6a273ca159bd7ac4_JaffaCakes118
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1