General

Target: 1e4e3f38c4c97d1ee04746e35aaef138_JaffaCakes118
Size: 100KB
Sample: 240329-k9a1zaef57
MD5: 1e4e3f38c4c97d1ee04746e35aaef138
SHA1: f08b17112ec7095d1de6b4b3aa94ad55c10f3afd
SHA256: e74eefabeb4100fc87a203391bf3fd54a9d7ec257e2226556a030599898c3632
SHA512: 0edb125e347d0286772e774a9871dc27e0ec396e991a2ffefd18e26f05dc9d956baf21468503316bece654bf2ab6c6dcf86a583336e02b4e933d851a25516775
SSDEEP: 1536:TvsdhEhps6ACVlXGfI5ID80LvWalWhjwHwJy050N3jkWe4SGmEGBfu:TvOaIIWUYvowQxU3oWe4GA
Static task: static1
Behavioral task: behavioral1
Sample: 1e4e3f38c4c97d1ee04746e35aaef138_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted
Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
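The hashes and URLs above are only useful once they can be matched against local files and traffic. The Python below is an added example written for this page, not code from the sandbox report or from the sample: it computes the same four digests the report lists and compares them with a file, and it scans proxy-log lines for the extracted URLs. The log line format and the client addresses are assumptions made for the demo. Two caveats a practitioner should keep in mind: Sality is a polymorphic file infector, so these hashes identify only this dropped sample and will not match the executables it infects on a victim, which makes the network indicators the more durable IOCs; and the host match deliberately covers subdomains and strips a leading "www." because the config lists www.klkjwre9fqwieluoi.info while the apex domain may be what shows up in logs.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report on this page.
SAMPLE_HASHES = {
    "md5": "1e4e3f38c4c97d1ee04746e35aaef138",
    "sha1": "f08b17112ec7095d1de6b4b3aa94ad55c10f3afd",
    "sha256": "e74eefabeb4100fc87a203391bf3fd54a9d7ec257e2226556a030599898c3632",
    "sha512": "0edb125e347d0286772e774a9871dc27e0ec396e991a2ffefd18e26f05dc9d956baf21468503316bece654bf2ab6c6dcf86a583336e02b4e933d851a25516775",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists so a local file can be compared with them."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only when every digest agrees; a single mismatch already means a different file."""
    digests = hash_bytes(data)
    return all(digests[k] == v for k, v in SAMPLE_HASHES.items())


def _norm_host(host: str) -> str:
    # Lowercase, drop a trailing dot and a leading "www." so apex and www forms compare equal.
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOSTS = {_norm_host(urlsplit(u).hostname) for u in C2_URLS}


def host_in_c2(host: str) -> bool:
    """Exact match or subdomain of a configured C2 host (the bare IP can only match exactly)."""
    h = _norm_host(host)
    return any(h == c2 or h.endswith("." + c2) for c2 in C2_HOSTS)


# Assumed proxy log shape for the demo: "<ts> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")


def scan_proxy_log(lines):
    """Return one hit per log line whose URL host belongs to the extracted config."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # lines that do not follow the assumed format are skipped, not failed on
        ts, client, _method, url, status = m.groups()
        host = urlsplit(url).hostname
        if host and host_in_c2(host):
            hits.append({"ts": ts, "client": client, "url": url,
                         "status": int(status), "exact_url": url in C2_URLS})
    return hits


# Constructed log lines for the demo; the internal client addresses are made up.
SAMPLE_LOG = """\
2024-03-29T10:01:02Z 10.0.0.15 GET http://kukutrustnet777.info/home.gif 200
2024-03-29T10:01:03Z 10.0.0.15 GET http://89.119.67.154/testo5/ 404
2024-03-29T10:01:05Z 10.0.0.22 GET http://example.com/index.html 200
2024-03-29T10:01:07Z 10.0.0.15 GET http://klkjwre9fqwieluoi.info/ 200
malformed line that the parser skips
""".splitlines()

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A 404 from the C2 host (second sample line) is still a hit: the beacon was attempted, which is the fact an investigator needs, regardless of whether the infrastructure was still serving content.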
Targets

Target: 1e4e3f38c4c97d1ee04746e35aaef138_JaffaCakes118 (100KB)
Signatures

- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
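To check a host for the behaviours in the signatures above, the Python below (an added example for this page, not code from the report) does two things offline: it parses an autorun.inf from a volume root and extracts every command the file asks Windows to run, and it parses a `reg export` of the policy keys to see whether DisableRegistryTools, DisableTaskMgr or the standard-profile EnableFirewall value has been changed. The autorun.inf text, the .reg text and the payload file name are constructed for the demo; the firewall value location is an assumption, because the report names only the signature and not the value it observed.

```python
import os
import re

# ---- autorun.inf: what would the host run from this volume? ----------------

LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command


def parse_autorun(text: str) -> dict:
    """Key/value pairs of the [autorun] section, keys lowercased.

    Hand-rolled rather than configparser: autorun.inf files dropped by malware
    often contain junk lines or duplicate keys that configparser rejects.
    """
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip().lower()] = val.strip()
    return values


def autorun_launch_targets(text: str) -> list:
    """Every command the file asks Windows to execute: open=, shellexecute=, shell\\*\\command=."""
    return [v for k, v in parse_autorun(text).items()
            if k in LAUNCH_KEYS or SHELL_CMD_RE.match(k)]


def find_autorun_files(drive_roots) -> dict:
    """Map each given volume root that carries an autorun.inf to its launch targets."""
    found = {}
    for root in drive_roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                found[root] = autorun_launch_targets(fh.read())
    return found


# ---- .reg export: were RegEdit, Task Manager or the firewall switched off? ---

REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text: str) -> dict:
    """(key path, value name) -> int for every DWORD in a 'reg export' file.

    'reg export' writes UTF-16LE with a BOM, so decode the file with 'utf-16' first.
    """
    current, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        key_match = REG_KEY_RE.match(line)
        if key_match:
            current = key_match.group(1).lower()
            continue
        val_match = REG_DWORD_RE.match(line)
        if current and val_match:
            out[(current, val_match.group(1).lower())] = int(val_match.group(2), 16)
    return out


# The per-user and machine-wide policy keys share this suffix.
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"
# Assumed location for the "modifies firewall policy" signature: the Windows
# Firewall standard-profile policy key. The report itself names no value.
FIREWALL_KEY = (r"hkey_local_machine\system\currentcontrolset\services\sharedaccess"
                r"\parameters\firewallpolicy\standardprofile")


def tamper_findings(reg_text: str) -> dict:
    """Flag the tool-disabling registry changes listed in the signatures."""
    findings = {"regedit_disabled": False, "taskmgr_disabled": False, "firewall_disabled": False}
    for (key, name), val in parse_reg_export(reg_text).items():
        if key.endswith(POLICY_SUFFIX):
            # HKCU and HKLM both count; any non-zero value disables the tool.
            if name == "disableregistrytools" and val:
                findings["regedit_disabled"] = True
            elif name == "disabletaskmgr" and val:
                findings["taskmgr_disabled"] = True
        elif key == FIREWALL_KEY and name == "enablefirewall" and val == 0:
            findings["firewall_disabled"] = True
    return findings


# Constructed sample artefacts for the demo (not recovered from this sample).
SAMPLE_AUTORUN = r"""[autorun]
;padding line without a separator, as dropped autorun.inf files often have
open=hidden\payload.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\Command=hidden\payload.exe
shell\explore\Command=hidden\payload.exe
UseAutoPlay=1
"""
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"""

if __name__ == "__main__":
    print(autorun_launch_targets(SAMPLE_AUTORUN))
    print(tamper_findings(SAMPLE_REG))
```

On a live host the input for `tamper_findings` would come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" policy.reg` (and the HKLM equivalent), read back with `open(path, encoding="utf-16")`; `find_autorun_files` takes the volume roots from the drive enumeration the sandbox observed, for example `["C:\\", "D:\\", "E:\\"]`.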
MITRE ATT&CK Matrix (ATT&CK v13)

The number after each entry is the count of signatures in this report mapped to it.

Privilege Escalation
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control, T1548.002 (1)

Defense Evasion
- Modify Registry, T1112 (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses (3): Disable or Modify Tools, T1562.001 (3)