General

  • Target

    bcaf212ca823c91eda8d5235f77b334c_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240618-s1hy8atfjl

  • MD5

    bcaf212ca823c91eda8d5235f77b334c

  • SHA1

    333a4878c837597910e548f85d1d972c8e55184c

  • SHA256

    738001a144e381cc3fb107ab08ea54379d08ff58eff80fe2890368cf433565d1

  • SHA512

    5f7e48784c6594b6b1200daa0b31c707dc60f1c95c859c12c966d2d4b44f9c8f8c57ae68a8a8c4d0c745fd9bf3305e14a01bee179cc69b729aef5b3f245e4192

  • SSDEEP

    24576:fe/2lV9I77H0j/aEd5Jx/XHTXsiP1fUxyvPUzO5oZ5OcW8ysj4:f2Cw7Ij/B9xfoitfUxf1nO7ij4

Malware Config

Targets

    • Target

      bcaf212ca823c91eda8d5235f77b334c_JaffaCakes118

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                           ID          Count
Persistence           Event Triggered Execution           T1546       1
Persistence           Component Object Model Hijacking    T1546.015   1
Privilege Escalation  Event Triggered Execution           T1546       1
Privilege Escalation  Component Object Model Hijacking    T1546.015   1
Defense Evasion       Modify Registry                     T1112       1
Discovery             Query Registry                      T1012       1
Discovery             System Information Discovery        T1082       2

Tasks