General

  • Target

    bc9f1d376b8b9bb9ea1b5e85d8192c0b_JaffaCakes118

  • Size

    684KB

  • Sample

    240618-sn5mfstckj

  • MD5

    bc9f1d376b8b9bb9ea1b5e85d8192c0b

  • SHA1

    3b2694df25398b61297f7740bd38a2c3273201c0

  • SHA256

    1b0d4302c223bd2a4426f347154467641ce2234572dd7671d1c08c9fc7557755

  • SHA512

    591288431eebc02a67db2fbcf83a0cd536eaca74dc847f007639ff4890bf0805509210db3de9c43e671d0061d0740bf676b20d70b89e6b9aac8655734a9c579e

  • SSDEEP

    12288:d/ZqsC9Pa6P8Xu+Y0+4Kk3R61B0iYWfJWCMQHxvZj3uHcwTIfM1GjT9Altr:dsD18Xa1A3YBZffJWCNhjeFTIfMUvOlN

Malware Config

Targets

    • Target

      bc9f1d376b8b9bb9ea1b5e85d8192c0b_JaffaCakes118

    • Size

      684KB

    • MD5

      bc9f1d376b8b9bb9ea1b5e85d8192c0b

    • SHA1

      3b2694df25398b61297f7740bd38a2c3273201c0

    • SHA256

      1b0d4302c223bd2a4426f347154467641ce2234572dd7671d1c08c9fc7557755

    • SHA512

      591288431eebc02a67db2fbcf83a0cd536eaca74dc847f007639ff4890bf0805509210db3de9c43e671d0061d0740bf676b20d70b89e6b9aac8655734a9c579e

    • SSDEEP

      12288:d/ZqsC9Pa6P8Xu+Y0+4Kk3R61B0iYWfJWCMQHxvZj3uHcwTIfM1GjT9Altr:dsD18Xa1A3YBZffJWCNhjeFTIfMUvOlN

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks