General
-
Target
f8fe6303853c4d624cf6dcc54a3eb7d9_JaffaCakes118
-
Size
174KB
-
Sample
240418-3jdy2sbb8w
-
MD5
f8fe6303853c4d624cf6dcc54a3eb7d9
-
SHA1
e0e78d064c80a8921ad8f96d43e0ebf75a5c58be
-
SHA256
5bd878300057717a6e9f21ca27114e91974828e299ec2e49beea56113f808cc6
-
SHA512
b6673f389e57017912e6ace64b882277ba50a5ca35e5e2eeea51cbfc098419dfee0515d1787cbce0b30992e68194de9b49b6dbaef2b0de544839e03fe715fa9d
-
SSDEEP
3072:8k/NBlj775Vi8ecb6JYJ42dIpa4iEws2qhBtmkJz1Np5ienU4hk4txmoutim3:865f758yjJ42dIpHiBo7YvckEmoSj
Malware Config
Targets
-
-
Target
f8fe6303853c4d624cf6dcc54a3eb7d9_JaffaCakes118
-
Size
174KB
-
MD5
f8fe6303853c4d624cf6dcc54a3eb7d9
-
SHA1
e0e78d064c80a8921ad8f96d43e0ebf75a5c58be
-
SHA256
5bd878300057717a6e9f21ca27114e91974828e299ec2e49beea56113f808cc6
-
SHA512
b6673f389e57017912e6ace64b882277ba50a5ca35e5e2eeea51cbfc098419dfee0515d1787cbce0b30992e68194de9b49b6dbaef2b0de544839e03fe715fa9d
-
SSDEEP
3072:8k/NBlj775Vi8ecb6JYJ42dIpa4iEws2qhBtmkJz1Np5ienU4hk4txmoutim3:865f758yjJ42dIpHiBo7YvckEmoSj
Score8/10-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1