General

  • Target

    bbcdf90c661e94274ed23bc3082f1c87_JaffaCakes118

  • Size

    935KB

  • Sample

    240618-n4kj1awhlj

  • MD5

    bbcdf90c661e94274ed23bc3082f1c87

  • SHA1

    ed6d8a9fc7652036a760b0cee08da6be8ab466fe

  • SHA256

    72ec4c0f97d4a3d3b4827344eb250acda63e14c76efea325c475a52de32e7f64

  • SHA512

    32d6aa8a1ca36993e0fd46ef94f90a39d71e0d1b6a26b3322b81042606b76bcde922e40e38aec835834290892af01a2306b5ad4d60b6590e60b2add69a5d97f9

  • SSDEEP

    12288:MwFRtJKg1L9J69wIkrDuk6WKp6p0yfliroKLPBPK3OCkbEUqIuom4WrdmgrS3v2B:PFR5HJ698YOlOLJmZnmPgxmgrNGjmbF

Malware Config

Targets

    • Target

      bbcdf90c661e94274ed23bc3082f1c87_JaffaCakes118

    • Size

      935KB

    • MD5

      bbcdf90c661e94274ed23bc3082f1c87

    • SHA1

      ed6d8a9fc7652036a760b0cee08da6be8ab466fe

    • SHA256

      72ec4c0f97d4a3d3b4827344eb250acda63e14c76efea325c475a52de32e7f64

    • SHA512

      32d6aa8a1ca36993e0fd46ef94f90a39d71e0d1b6a26b3322b81042606b76bcde922e40e38aec835834290892af01a2306b5ad4d60b6590e60b2add69a5d97f9

    • SSDEEP

      12288:MwFRtJKg1L9J69wIkrDuk6WKp6p0yfliroKLPBPK3OCkbEUqIuom4WrdmgrS3v2B:PFR5HJ698YOlOLJmZnmPgxmgrNGjmbF

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Event Triggered Execution (T1546): 1

    Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1

    Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks