General
-
Target
f193b96bc1159b138479e90907426e10_JaffaCakes118
-
Size
3.5MB
-
Sample
240415-vtrnwsbg37
-
MD5
f193b96bc1159b138479e90907426e10
-
SHA1
0f90cc6d81b9561afdf67c8e4307bb6a7eb837b9
-
SHA256
0fe2dce0e2e96df3c5ee9e60b1ae3ada3bb8baebe26c9b75e03799080ecd821c
-
SHA512
b0f072e884a21f1b5be6362ff4aae1cd81f8bf8c03715b8e7a502c2f2540ab6a79eab3096ddb54488a025ed3009f3436ba563d498b42a0a5f7404e1770020ab9
-
SSDEEP
98304:sUAi8gptJzWkATQl7QNWJMYwXvOGgTXp1eBQnVrJFqLaNjfjDh1Djvu:TAMtJ3OmMWz2vO7TquVrJcmjfjDhtu
Malware Config
Targets
-
-
Target
f193b96bc1159b138479e90907426e10_JaffaCakes118
-
Size
3.5MB
-
MD5
f193b96bc1159b138479e90907426e10
-
SHA1
0f90cc6d81b9561afdf67c8e4307bb6a7eb837b9
-
SHA256
0fe2dce0e2e96df3c5ee9e60b1ae3ada3bb8baebe26c9b75e03799080ecd821c
-
SHA512
b0f072e884a21f1b5be6362ff4aae1cd81f8bf8c03715b8e7a502c2f2540ab6a79eab3096ddb54488a025ed3009f3436ba563d498b42a0a5f7404e1770020ab9
-
SSDEEP
98304:sUAi8gptJzWkATQl7QNWJMYwXvOGgTXp1eBQnVrJFqLaNjfjDh1Djvu:TAMtJ3OmMWz2vO7TquVrJcmjfjDhtu
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1