General
Target: 1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118
Size: 612KB
Sample: 240702-ezyrdszakm
MD5: 1dfcc6efa62231c7e03a4c4a580acb17
SHA1: a3da94d517a842cefe9483210a65307bd78bc0cd
SHA256: d2d62a7d6b43cc1536c318f8fe05dc9e615887f12ed2e564fc7485a945617667
SHA512: 805398310ec3b291daa8b7a1f5a35fcd3909b03910cf1b0cb8904ead8d951d22a3b92d99c4f639538f70d20c059449e8dcdbc03040e450d3d0b863f96bc6ac91
SSDEEP: 12288:YGcQhuDCRI5YlKZhyeLtHgTl2XtJ6suL1fIjQncllK9KNbN5e:FuDCeYlKKQgTGaIkcK9cPe
Behavioral task: behavioral1
Sample: 1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1