General
Target: 51d4001a30b815ebc92ea0503fc629fb_JaffaCakes118
Size: 17.4MB
Sample: 240517-2hyrdseg47
MD5: 51d4001a30b815ebc92ea0503fc629fb
SHA1: c3a3f26c92fada102e534c61aa1fc7893c4020f2
SHA256: 4d86068116442ca9d3773bfb8d53d980a35d7d205bfb939dfabf702d0026f646
SHA512: e8a84565d73fd45e5cbadedab0c108a379b8a3992a564012c5d9f27f6854bc865c5027727c9b0d59fea2e77e6504f20b20d7b4d439bda9d54b2af0988ed48947
SSDEEP: 393216:upPdsKbSuiniV0Qz2Ezs+R+Uk68b6JaYQUwQw5TaXzo/SsB:WmKbSuiniVRDs8+UkJ6JO7Qw52zo9
Static task: static1
Behavioral task: behavioral1
Sample: 51d4001a30b815ebc92ea0503fc629fb_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 51d4001a30b815ebc92ea0503fc629fb_JaffaCakes118
Modifies firewall policy service

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Modify Registry (5)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)