General
-
Target
5d91acb715da8501370af725e44d7aa3_JaffaCakes118
-
Size
824KB
-
Sample
240331-ze1qgacb72
-
MD5
5d91acb715da8501370af725e44d7aa3
-
SHA1
118d2f7c992f0e5ec16b07fd18c410a9517a60e5
-
SHA256
03e1ef8b9811f1ef7b3561f527f2ab4fd7570b06d91ed7507898c98a9ca4c8f6
-
SHA512
ab56c511b5cb46b0f7e4daec6cec0c62d7c2b96fcde35d14c900aa0c5c81d4da6e506ddbeb7a78a21c69591ebf7dc23198f870bc00c0777ca913f17266b91059
-
SSDEEP
24576:PUFa7K4Jy/fVtktVGPrfO/WxvaXUTcLHFpSYiVtktVGPrfO/WT1:8qMlSyfO/WxyXukHFISyfO/WT
Static task
static1
Behavioral task
behavioral1
Sample
5d91acb715da8501370af725e44d7aa3_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
5d91acb715da8501370af725e44d7aa3_JaffaCakes118
-
Size
824KB
-
MD5
5d91acb715da8501370af725e44d7aa3
-
SHA1
118d2f7c992f0e5ec16b07fd18c410a9517a60e5
-
SHA256
03e1ef8b9811f1ef7b3561f527f2ab4fd7570b06d91ed7507898c98a9ca4c8f6
-
SHA512
ab56c511b5cb46b0f7e4daec6cec0c62d7c2b96fcde35d14c900aa0c5c81d4da6e506ddbeb7a78a21c69591ebf7dc23198f870bc00c0777ca913f17266b91059
-
SSDEEP
24576:PUFa7K4Jy/fVtktVGPrfO/WxvaXUTcLHFpSYiVtktVGPrfO/WT1:8qMlSyfO/WxyXukHFISyfO/WT
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1