General

  • Target

    bcb3cfa10c7b9a40f1bb0be2501dc0aa_JaffaCakes118

  • Size

    872KB

  • Sample

    240618-s29hkazcqc

  • MD5

    bcb3cfa10c7b9a40f1bb0be2501dc0aa

  • SHA1

    b848963643d6886bca1852e5d97e27217f896ed4

  • SHA256

    0ad7cff7dbf1193ff48ba48915ad063f8306246fc59416ed102459f0d0d0c4c4

  • SHA512

    a35ed153ab568b7c23a52755aa84fdc7ac9c0c5bb20162a7f6516c09aa961a70fcec4156cdb1d599d77e9e014382f866eec4228e9658acb74d81c162b0884d39

  • SSDEEP

    12288:tXfzzC6WW6R/4sTzs+nLWZiT02mXIf+9u2wl6deIKojT4kIj87OkH6c0QFrWP3Gc:tPz8zpLAibb2g2Ekm8h6cQyrndGvbr

Malware Config

Targets

    • Target

      bcb3cfa10c7b9a40f1bb0be2501dc0aa_JaffaCakes118

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Because HKCU\Software\Classes is consulted before HKLM\Software\Classes when HKCR is resolved, a per-user CLSID registration (for example an InprocServer32 value pointing at an attacker-controlled DLL) is loaded whenever a legitimate medium-integrity process instantiates that object, without any machine-wide change. Elevated processes ignore per-user COM registrations, so the hijack fires in hosts such as explorer.exe rather than in high-integrity processes.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate software on the system, commonly to fingerprint security products or virtualisation tooling before running further.

    • Checks whether UAC is enabled

      UAC state is held in the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; reading it tells the sample whether elevation prompts are in force before it decides how to escalate or persist.

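The three signatures above are heuristics over the registry calls the sandbox recorded. The following is an added example, not code from the sandbox vendor or from this report, showing how such a mapping from an API trace to signatures and ATT&CK IDs can be expressed; the trace lines are constructed for illustration (the CLSID and DLL path are placeholders, not values observed for this sample) and the signature-to-technique mapping is an assumption that follows the matrix on this page:

```python
"""Added example: map registry API calls from a sandbox trace to the behaviour
signatures and ATT&CK IDs a report like this one lists.

The trace below is constructed for illustration, not taken from the sandbox
run of this sample; the CLSID and DLL path are placeholders.
"""
import re

# Constructed sandbox-style API trace, one call per line:
#   "<api> <registry path>[ = <data>]"
TRACE = r"""
RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleProduct
RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleProduct\DisplayName
RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
RegCreateKeyExW HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-00000000000A}\InprocServer32
RegSetValueExW HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-00000000000A}\InprocServer32\(Default) = C:\Users\user\AppData\Roaming\payload.dll
""".strip().splitlines()

# A per-user COM registration shadows the machine-wide one when HKCR is
# resolved, because HKCU\Software\Classes is consulted before HKLM.
COM_HIJACK_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\"
    r"(InprocServer32|LocalServer32|InprocHandler32|TreatAs)\b",
    re.IGNORECASE,
)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
UAC_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.IGNORECASE)

SIG_COM = "Event Triggered Execution: Component Object Model Hijacking"
SIG_SOFTWARE = "Checks installed software on the system"
SIG_UAC = "Checks whether UAC is enabled"
SIG_MODIFY = "Modify Registry"

# Assumed signature -> ATT&CK mapping, following the matrix in this report.
TECHNIQUES = {
    SIG_COM: {"T1546", "T1546.015"},
    SIG_SOFTWARE: {"T1012"},
    SIG_UAC: {"T1082"},
    SIG_MODIFY: {"T1112"},
}


def parse_line(line):
    """Split "<api> <path>[ = <data>]" into its parts; data is None for reads."""
    api, _, rest = line.strip().partition(" ")
    path, _, data = rest.partition(" = ")
    return api, path, (data or None)


def analyse(trace):
    """Return {signature: [evidence, ...]} for the behaviours seen in the trace."""
    findings = {}

    def hit(sig, evidence):
        findings.setdefault(sig, []).append(evidence)

    for line in trace:
        if not line.strip():
            continue
        api, path, data = parse_line(line)
        is_write = api.startswith(("RegSetValueEx", "RegCreateKeyEx", "RegDeleteValue"))
        if is_write:
            # Any write is Modify Registry; only a value written under a
            # per-user CLSID server key is counted as a COM hijack.
            hit(SIG_MODIFY, f"{api} {path}")
            m = COM_HIJACK_RE.match(path)
            if m and api.startswith("RegSetValueEx"):
                hit(SIG_COM, f"{m.group(1)} {m.group(2)} -> {data}")
        else:
            # Reads: enumerating Uninstall keys or probing EnableLUA.
            if UNINSTALL_RE.search(path):
                hit(SIG_SOFTWARE, path)
            if UAC_RE.search(path):
                hit(SIG_UAC, path)
    return findings


def attack_ids(findings):
    """Sorted, de-duplicated ATT&CK IDs for the signatures that fired."""
    ids = set()
    for sig in findings:
        ids |= TECHNIQUES.get(sig, set())
    return sorted(ids)


if __name__ == "__main__":
    result = analyse(TRACE)
    for sig, evidence in result.items():
        print(f"[{', '.join(sorted(TECHNIQUES[sig]))}] {sig}")
        for item in evidence:
            print("    ", item)
    print("ATT&CK:", ", ".join(attack_ids(result)))
```

The write-side rule is deliberately narrow: a legitimate per-user installer also creates CLSID keys, so on a live host the useful follow-up is to compare each HKCU\Software\Classes\CLSID\{...}\InprocServer32 value against the HKLM registration for the same CLSID and flag the ones that differ or point into user-writable paths.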
MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                                       ID          Signatures
  Persistence           Event Triggered Execution                       T1546       1
                        Component Object Model Hijacking (sub-technique) T1546.015   1
  Privilege Escalation  Event Triggered Execution                       T1546       1
                        Component Object Model Hijacking (sub-technique) T1546.015   1
  Defense Evasion       Modify Registry                                 T1112       1
  Discovery             Query Registry                                  T1012       1
                        System Information Discovery                    T1082       1

Tasks