General
  Target:  1bad6dc2ed65ea9079e2a623d586e3b1_JaffaCakes118
  Size:    100KB
  Sample:  240701-ry949a1ajp
  MD5:     1bad6dc2ed65ea9079e2a623d586e3b1
  SHA1:    081bc5a5e3e3bc843d045c119e256e753e2545d4
  SHA256:  a27470ac69d40051ac6a0fa057c7ba880e062d292e23241d73959b0fa5ce620d
  SHA512:  0f0002e547c4a8c0fcac0978865c5c80f4523c775e7eca47ff168ff6324f3764d7f94e8208742b1e3d5a17bc0aae21ae74f3ab5cddb0428ea2a47bc3eebe4e52
  SSDEEP:  1536:mbD2bWwQvEVyxHV+Y6DhcjuozXCxwDo1+NCubhb+/pk/n052:mbEWwQ7xH3gSSYKYooNCLpk/0c
Static task:      static1
Behavioral task:  behavioral1
  Sample:    1bad6dc2ed65ea9079e2a623d586e3b1_JaffaCakes118.exe
  Resource:  win7-20240220-en
Malware Config
  Extracted family: sality
  Extracted URLs:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
    http://www.klkjwre9fqwieluoi.info/
    http://kukutrustnet777888.info/
Targets
  Target:  1bad6dc2ed65ea9079e2a623d586e3b1_JaffaCakes118
  Size:    100KB
  MD5:     1bad6dc2ed65ea9079e2a623d586e3b1
  SHA1:    081bc5a5e3e3bc843d045c119e256e753e2545d4
  SHA256:  a27470ac69d40051ac6a0fa057c7ba880e062d292e23241d73959b0fa5ce620d
  SHA512:  0f0002e547c4a8c0fcac0978865c5c80f4523c775e7eca47ff168ff6324f3764d7f94e8208742b1e3d5a17bc0aae21ae74f3ab5cddb0428ea2a47bc3eebe4e52
  SSDEEP:  1536:mbD2bWwQvEVyxHV+Y6DhcjuozXCxwDo1+NCubhb+/pk/n052:mbEWwQ7xH3gSSYKYooNCLpk/0c

  Signatures:
    Modifies firewall policy service
    Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    Drops autorun.inf file
      Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
  Privilege Escalation
    Create or Modify System Process (1)
      Windows Service (1)
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
  Defense Evasion
    Modify Registry (5)
    Impair Defenses (4)
      Disable or Modify Tools (3)
      Disable or Modify System Firewall (1)
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)