General
-
Target
1c83a491dc84689ba35c6d881578b61f_JaffaCakes118
-
Size
4.0MB
-
Sample
240701-z1185atepk
-
MD5
1c83a491dc84689ba35c6d881578b61f
-
SHA1
89e2665f9249003ead17ec92072d820edb54efe1
-
SHA256
696821fe58956fe84442e2e536a4551cca48d8477b536bc7714a2ad2a78af7e7
-
SHA512
e12ddcfca8cd2fd3fe0ab8a90c38bf8fd19be4f8231c3191b44b28fd10a1781feebc93ed7e0305552588706b63fc5f22381a62b7bec154e87b9f869a347a69b7
-
SSDEEP
98304:NbtJfSKbza2K3YUu7hoBBjiKiy/ZCvwaFo9OSg11fE:NbjbpK3LT2KDIoaF6OSgPs
Malware Config
Targets
-
-
Target
1c83a491dc84689ba35c6d881578b61f_JaffaCakes118
-
Size
4.0MB
-
MD5
1c83a491dc84689ba35c6d881578b61f
-
SHA1
89e2665f9249003ead17ec92072d820edb54efe1
-
SHA256
696821fe58956fe84442e2e536a4551cca48d8477b536bc7714a2ad2a78af7e7
-
SHA512
e12ddcfca8cd2fd3fe0ab8a90c38bf8fd19be4f8231c3191b44b28fd10a1781feebc93ed7e0305552588706b63fc5f22381a62b7bec154e87b9f869a347a69b7
-
SSDEEP
98304:NbtJfSKbza2K3YUu7hoBBjiKiy/ZCvwaFo9OSg11fE:NbjbpK3LT2KDIoaF6OSgPs
Score8/10-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Execution
System Services
1Service Execution
1Scheduled Task/Job
1Scheduled Task
1Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Scheduled Task/Job
1Scheduled Task
1