General
-
Target
0481efedf1a2ff19d810a619093d7f94_JaffaCakes118
-
Size
39.4MB
-
Sample
240428-gj3rhshf6v
-
MD5
0481efedf1a2ff19d810a619093d7f94
-
SHA1
181eaec26ea11e50f5c93c5d7dcf55d94c28fcaf
-
SHA256
5822163026940ee169f3899a570271e38b2f46e6b91534b0deef2e0b6accf169
-
SHA512
ad48a138d5098838dbd25ec9c1f8c92d340b5287c9d6a17c454b9796af1495deb69186d2fcdc051e9d09a0f0f7ca1a59b373fbb80e4d440835063fd2545ea1f5
-
SSDEEP
786432:Bkxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHA:Bsdqqez9H7wWPRt3f3bXo1wNG
Malware Config
Targets
-
-
Target
0481efedf1a2ff19d810a619093d7f94_JaffaCakes118
-
Size
39.4MB
-
MD5
0481efedf1a2ff19d810a619093d7f94
-
SHA1
181eaec26ea11e50f5c93c5d7dcf55d94c28fcaf
-
SHA256
5822163026940ee169f3899a570271e38b2f46e6b91534b0deef2e0b6accf169
-
SHA512
ad48a138d5098838dbd25ec9c1f8c92d340b5287c9d6a17c454b9796af1495deb69186d2fcdc051e9d09a0f0f7ca1a59b373fbb80e4d440835063fd2545ea1f5
-
SSDEEP
786432:Bkxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHA:Bsdqqez9H7wWPRt3f3bXo1wNG
Score10/10-
Modifies firewall policy service
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Browser Extensions
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Modify Registry
5Impair Defenses
1Disable or Modify System Firewall
1Subvert Trust Controls
1Install Root Certificate
1