General
Target: 12d5cb01f4f98d75b72318337933b97b_JaffaCakes118
Size: 100KB
Sample: 240328-3j38yabf7y
MD5: 12d5cb01f4f98d75b72318337933b97b
SHA1: 6099a40713e4b1a75672afd92f1550d512a5b7f7
SHA256: 49b8f9521f321d1144722dce5f9c73e80c0e16027ec6af86a85f98a7df737ec2
SHA512: a4a51d9aba09a14ec56386da553608c1dea95a74163a242baebeb5785290a4511c5b0e9732216520df3f393063745066b822cc2bd02822eddf6246a2ff5afeef
SSDEEP: 3072:CnkuWbdn5MgsrfTbbb7XFn5/NlnOVxyo6dsVZ:CkbBGPXV5/NlnO3W

Static task: static1
Behavioral task: behavioral1
Sample: 12d5cb01f4f98d75b72318337933b97b_JaffaCakes118.exe
Resource (analysis VM image): win7-20240215-en

Malware Config (extracted from the sample)
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
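The extracted URLs are the most directly actionable part of this report: they can be turned into host-level indicators and swept across proxy and DNS logs. The script below is an added example written for this page, not part of the sandbox output. It takes the six URLs exactly as listed above, reduces them to registrable domains and IP literals (so that a lookup of klkjwre9fqwieluoi.info is caught even though the config lists www.klkjwre9fqwieluoi.info), and scans log lines for any token that resolves to one of them. The Squid-style and DNS-style lines in SAMPLE_LOG, the client addresses and the upstream IPs in them are constructed for the demo; the two-label domain collapsing is an assumption that holds for these .info names but would need a public-suffix list for co.uk-style TLDs.

```python
"""Match the extracted Sality URLs against proxy and DNS log lines.

Added example for this report; not part of the sandbox output.
"""
import re
from urllib.parse import urlparse

# URLs exactly as listed in the extracted configuration.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# A hostname (bare or inside a URL) or a dotted IPv4 literal.
HOST_RE = re.compile(
    r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,}|\d{1,3}(?:\.\d{1,3}){3})", re.I
)


def hosts_from_urls(urls):
    """Return the set of lowercase hostnames / IP literals referenced by the URLs."""
    return {urlparse(u).hostname.lower() for u in urls}


def registrable_domains(hosts):
    """Collapse hostnames to their last two labels; keep IP literals as they are.

    Assumption: a two-label suffix is enough for these .info names. A
    public-suffix list would be needed for TLDs such as co.uk.
    """
    out = set()
    for h in hosts:
        is_ip = h.replace(".", "").isdigit()
        out.add(h if is_ip else ".".join(h.split(".")[-2:]))
    return out


IOC_DOMAINS = registrable_domains(hosts_from_urls(SALITY_URLS))


def host_matches(host, domains=IOC_DOMAINS):
    """True if host equals an IOC or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log(text, domains=IOC_DOMAINS):
    """Return [(line_number, host)] for every line that references an IOC.

    Works on any whitespace-separated log (Squid access.log, DNS query
    logs, ...) because it extracts every host-looking token instead of
    relying on fixed field positions. Hosts are reported once per line.
    """
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        seen = set()
        for host in HOST_RE.findall(line):
            host = host.lower()
            if host in seen or not host_matches(host, domains):
                continue
            seen.add(host)
            hits.append((n, host))
    return hits


# Constructed sample: four Squid access.log lines and one DNS query line.
# Client and upstream addresses are documentation/RFC 1918 ranges, not real traffic.
SAMPLE_LOG = """\
1711600001.123    120 10.0.0.15 TCP_MISS/200 4321 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1711600002.456     80 10.0.0.15 TCP_MISS/404 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1711600003.789     30 10.0.0.22 TCP_HIT/200 2048 GET http://www.example.com/index.html - NONE/- text/html
1711600004.000     10 10.0.0.15 TCP_MISS/200 80 GET http://cdn.kukutrustnet888.info/home.gif - HIER_DIRECT/203.0.113.10 image/gif
2024-03-28T21:00:05Z 10.0.0.15 DNS query A klkjwre9fqwieluoi.info
"""

if __name__ == "__main__":
    for lineno, host in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: contact with Sality infrastructure {host}")
```

Matching on the registrable domain rather than the full URL is deliberate: the paths (/testo5/, /home.gif) are easy for the operators to rotate, while a host that resolves to the same infrastructure is what a proxy or resolver log will actually show. Feed real access.log or DNS debug-log text into scan_log() in place of SAMPLE_LOG.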
Targets
Target: 12d5cb01f4f98d75b72318337933b97b_JaffaCakes118
Size: 100KB
MD5: 12d5cb01f4f98d75b72318337933b97b
SHA1: 6099a40713e4b1a75672afd92f1550d512a5b7f7
SHA256: 49b8f9521f321d1144722dce5f9c73e80c0e16027ec6af86a85f98a7df737ec2
SHA512: a4a51d9aba09a14ec56386da553608c1dea95a74163a242baebeb5785290a4511c5b0e9732216520df3f393063745066b822cc2bd02822eddf6246a2ff5afeef
SSDEEP: 3072:CnkuWbdn5MgsrfTbbb7XFn5/NlnOVxyo6dsVZ:CkbBGPXV5/NlnO3W
- Modifies firewall policy service
- Executes dropped EXE
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows AutoRun to spread further via attached volumes. Windows 7 (the analysis image used here) and later versions ignore autorun.inf on USB and other non-optical removable media by default, so on such hosts the file mainly serves as an infection marker on the volume; it can still trigger from optical media.
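The two drive-related signatures above (enumerating drive roots, dropping autorun.inf) translate into a simple hunting check during incident response: look at the root of every mounted volume for an autorun.inf and pull out any key that would launch a program. The script below is an added example for this page, not part of the sandbox output or of the sample's own behaviour. It parses the [autorun] section tolerantly (case-insensitive section name, duplicate keys, junk before the header, which droppers commonly produce), reports the launch keys and whether the referenced executable is present on the same volume, and on Windows checks every mounted drive letter. The AUTORUN_SAMPLE text and the file names in demo() are constructed; they are not what this sample writes.

```python
"""Hunt for autorun.inf launchers on volume roots.

Added example for this report; not part of the sandbox output.
"""
import configparser
import os
import string
import tempfile

# [autorun] keys that cause a program to run on AutoRun/AutoPlay.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")


def _normalise(text):
    """Drop junk before the first section header and lowercase headers."""
    lines, started = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            started = True
            lines.append(s.lower())
        elif started:
            lines.append(line)
    return "\n".join(lines)


def parse_autorun(text):
    """Return {key: command} for every launch-capable key in [autorun].

    strict=False tolerates duplicate keys, interpolation=None keeps values
    such as %SystemRoot% intact, and '=' is the only delimiter so that
    drive-letter colons in values are not mistaken for separators.
    """
    cp = configparser.ConfigParser(
        strict=False, interpolation=None, allow_no_value=True, delimiters=("=",)
    )
    try:
        cp.read_string(_normalise(text))
    except configparser.Error:
        return {}
    if not cp.has_section("autorun"):
        return {}
    return {k: cp.get("autorun", k) for k in LAUNCH_KEYS if cp.has_option("autorun", k)}


def scan_roots(roots):
    """Return [(root, key, command, target_exists)] for autorun.inf launchers.

    target_exists is whether the first token of the command points at a
    file on the same volume; a launcher whose target is missing usually
    means the dropped EXE was cleaned but the autorun.inf was not.
    isfile() sees hidden/system files, so attribute hiding does not matter.
    """
    findings = []
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if not os.path.isfile(path):
            continue
        with open(path, "r", encoding="cp1252", errors="replace") as fh:
            launchers = parse_autorun(fh.read())
        for key, cmd in launchers.items():
            exe = cmd.split()[0].strip('"') if cmd.strip() else ""
            findings.append((root, key, cmd, os.path.isfile(os.path.join(root, exe))))
    return findings


def default_roots():
    """Every mounted drive letter on Windows; nothing on other platforms."""
    if os.name != "nt":
        return []
    return [f"{c}:\\" for c in string.ascii_uppercase if os.path.isdir(f"{c}:\\")]


# Constructed sample autorun.inf; not taken from the analysed file.
AUTORUN_SAMPLE = """\
[AutoRun]
; constructed sample for the demo
icon=%SystemRoot%\\system32\\SHELL32.dll,4
open=setup.exe /q
shellexecute=helper.exe
shell\\open\\command=setup.exe /q
action=Open folder to view files
"""


def demo():
    """Write the sample to a temporary 'volume' and scan it; returns (key, cmd, exists)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="cp1252") as fh:
            fh.write(AUTORUN_SAMPLE)
        open(os.path.join(root, "setup.exe"), "wb").close()  # present; helper.exe is not
        return [(k, c, e) for _, k, c, e in scan_roots([root])]


if __name__ == "__main__":
    for finding in scan_roots(default_roots()) or demo():
        print(finding)
```

Run it on a live Windows host to sweep all drive letters; on other platforms pass mount points (for example the mounted image of a seized USB stick) to scan_roots() directly. Because parse_autorun() is separate from the file system walk, the same function can be pointed at autorun.inf content recovered from disk images or carved from unallocated space.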
MITRE ATT&CK Matrix (ATT&CK v13; the number in parentheses is the hit count the report shows for each technique)
Privilege Escalation:
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion:
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)