General

  • Target

    bbf3002c0e80b2df211935d9e351ea4a_JaffaCakes118

  • Size

    811KB

  • Sample

    240618-pqxg3stcpe

  • MD5

    bbf3002c0e80b2df211935d9e351ea4a

  • SHA1

    d4258718d280e24520f426bb99d6b64979a805cd

  • SHA256

    d7ca1cabe31387dd929341fed1bfe8771d44258e02111ab6d867d3ead5aaf017

  • SHA512

    93e06c18e113c6977c92562dd18bd35524f8a87af281aeb68e2a7d3c897888093b0eb5ccd0171e93039d5de3125fc1e05b5dddac2c207d69dc24d168097155fb

  • SSDEEP

    12288:L2Pt7+lx+n5eUA6T97MHDN2ca9ZWIlk2twi0M8NZ50d0x1owSCoxgt/ElY6kcOF3:aPE41NT97MjN2HPdtgCIElYeXqLP

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Event Triggered Execution (T1546): 1
      Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
      Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

Tasks