General

  • Target

    bcbd1297d8d18fe5b8ef9ae93e878dda_JaffaCakes118

  • Size

    852KB

  • Sample

    240618-s78hfszelb

  • MD5

    bcbd1297d8d18fe5b8ef9ae93e878dda

  • SHA1

    af2aec192fea2629cc791f4b24a485f905ba566d

  • SHA256

    3daba304c88d07511bddc7ccd8dd4f483bf5ed13db9c42ffc631cba424a8657a

  • SHA512

    4bd36d494672ffac73ea174e22285e4e411771238673086d746711f198829b26070df13257dbc62a6f0711360f83c4b77e5cbc54673210b7f44c09a8d85d18bc

  • SSDEEP

    24576:IJVL0d4Ey2tSmFXP80N1FGEtBxuJFQd9NhbWAGEXzcg:IJl0d4kSUP7N1nJuJcGEgg

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

Tasks