General
-
Target
fbf99f2d497702f7414024ef9ca4871b_JaffaCakes118
-
Size
3.8MB
-
Sample
240420-fkzktaha92
-
MD5
fbf99f2d497702f7414024ef9ca4871b
-
SHA1
6b964fecdbdc2f5e63230d8dc5467de4b53b459a
-
SHA256
ce07662d7aad5983af3d828e7466599e7900bb8801588a043447cde6602b438c
-
SHA512
5dd127df2fed1df23eaccfcb101dbf86496206e1dc98ea8909d7f87db964b1bf22110f440ed92ea15cae8f3b70cfb15890b39d52bef399a2e899e376a0f04d32
-
SSDEEP
49152:AFHemOi/hN6cNGaUXEOlXtzKmwTHG5i3GfPicchT50aFe5Z5ZVQORJVUINVc:UHtOgIccaCOTmk3W0T6/ZTVVR7BNVc
Static task
static1
Behavioral task
behavioral1
Sample
fbf99f2d497702f7414024ef9ca4871b_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Targets
Target
fbf99f2d497702f7414024ef9ca4871b_JaffaCakes118
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
- Windows Service (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1)
- Windows Service (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)