General

  • Target

    bcb58d3b8c6854bb57fe02b40c059d61_JaffaCakes118

  • Size

    833KB

  • Sample

    240618-s4af9azdkg

  • MD5

    bcb58d3b8c6854bb57fe02b40c059d61

  • SHA1

    a8f5d86fb7613a70d766e260f18250d2081e0701

  • SHA256

    2d6b16587db3a44d363a21044d5205860d93e9fc3d0ec72c3658db8efd3e1374

  • SHA512

    9195e57d48d53bc552af9f0d1776161710006c399e4cfd736e513d402a61573b1ffce2f7b5073de2eb59d0a427e91d74dd851c068e2eb4f4781ce5a48db1de8e

  • SSDEEP

    24576:snjCVT247rO1vDtc3QsXdiCxncPPQpmml:snCH7rO1LW3QsbncX2l

Malware Config

Targets

    • Target

      bcb58d3b8c6854bb57fe02b40c059d61_JaffaCakes118

    • Size

      833KB

    • MD5

      bcb58d3b8c6854bb57fe02b40c059d61

    • SHA1

      a8f5d86fb7613a70d766e260f18250d2081e0701

    • SHA256

      2d6b16587db3a44d363a21044d5205860d93e9fc3d0ec72c3658db8efd3e1374

    • SHA512

      9195e57d48d53bc552af9f0d1776161710006c399e4cfd736e513d402a61573b1ffce2f7b5073de2eb59d0a427e91d74dd851c068e2eb4f4781ce5a48db1de8e

    • SSDEEP

      24576:snjCVT247rO1vDtc3QsXdiCxncPPQpmml:snCH7rO1LW3QsbncX2l

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks