General

  • Target

    bca57d6dd3a098db1f1671fb8e5086f1_JaffaCakes118

  • Size

    888KB

  • Sample

    240618-ss93qszajb

  • MD5

    bca57d6dd3a098db1f1671fb8e5086f1

  • SHA1

    0309611efc311a135193a4b4eb49c496ce78578a

  • SHA256

    a1316c5a99243c7e845c084909fe3d3c6aa76adc2eec8c7eec5ba6fe42297b56

  • SHA512

    c454fcabf43adf8dc6862bbc9342707c8f4de09cba1bd2ece26720b61098bc048f3c7a9c665acf48293a857b7800a91a58aa9ad2e7617a4db821cf6f7d17f18f

  • SSDEEP

    12288:HxjGOjBXUuY4Qlb0NSZrBY5cgNTa2GBlxhO9LtjWHMRUl5/pFbJCTjJ:Hxy8EXZ0lcKTJ0cLt6MRUlVcTjJ

Malware Config

Targets

    • Target

      bca57d6dd3a098db1f1671fb8e5086f1_JaffaCakes118 (size and hashes as listed under General above)

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Because COM resolution consults HKCU\Software\Classes\CLSID before the machine-wide HKLM\SOFTWARE\Classes\CLSID hive, a per-user override needs no administrative rights and is loaded whenever any process instantiates the hijacked CLSID.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system; this is a common way for malware to spot security products and analysis tooling before it commits to further behaviour.

    • Checks whether UAC is enabled

      Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the result usually decides whether an elevation attempt or UAC bypass is worth trying. The report does not state which API or key this sample used.
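The two registry behaviours flagged above, a per-user COM override and a UAC status check, are also what an analyst would hunt for on a host suspected of running this sample. The following PowerShell is an added example written for this page, not code from the sandbox or from the sample; the trusted-directory list, the property names in the output objects and the decision to flag every HKCU CLSID that shadows an HKLM one are the editor's assumptions and should be tuned per environment.

```powershell
# Added hunt script (not part of the sandbox report). Reports per-user COM
# server overrides (T1546.015) and the UAC policy values malware reads.
# $TrustedRoots is an assumption: legitimate COM servers normally live there.

function Get-SuspiciousComOverride {
    [CmdletBinding()]
    param(
        [string[]]$TrustedRoots = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")
    )

    # HKCU\Software\Classes\CLSID is user-writable and is consulted before HKLM,
    # so an entry here silently replaces the machine-wide COM server.
    $userClsidRoot = 'HKCU:\Software\Classes\CLSID'
    if (-not (Test-Path $userClsidRoot)) { return @() }

    Get-ChildItem -Path $userClsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        foreach ($serverKind in 'InprocServer32', 'LocalServer32') {
            $serverKey = "$userClsidRoot\$clsid\$serverKind"
            if (-not (Test-Path $serverKey)) { continue }

            # The key's (default) value holds the DLL/EXE path; expand %VARS% and
            # strip surrounding quotes (LocalServer32 may carry arguments after the path).
            $raw = (Get-ItemProperty -Path $serverKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            $serverPath = [Environment]::ExpandEnvironmentVariables(([string]$raw).Trim('"'))

            # Shadowing: the same CLSID also exists machine-wide, so the HKCU copy wins.
            $shadowsMachine = Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\$serverKind"

            $inTrustedRoot = $false
            foreach ($root in $TrustedRoots) {
                if ($root.Length -gt 1 -and $serverPath.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $inTrustedRoot = $true; break
                }
            }

            if ($shadowsMachine -or -not $inTrustedRoot) {
                [PSCustomObject]@{
                    CLSID          = $clsid
                    ServerKind     = $serverKind
                    ServerPath     = $serverPath
                    ShadowsHKLM    = $shadowsMachine
                    OutsideTrusted = -not $inTrustedRoot
                    FileExists     = Test-Path -LiteralPath $serverPath
                }
            }
        }
    }
}

# UAC policy values: EnableLUA = 0 means UAC is off; ConsentPromptBehaviorAdmin = 0
# means administrators elevate silently. These are what a "checks whether UAC is
# enabled" behaviour normally reads.
function Get-UacStatus {
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        EnableLUA                  = $policy.EnableLUA
        ConsentPromptBehaviorAdmin = $policy.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $policy.PromptOnSecureDesktop
    }
}

Get-SuspiciousComOverride | Format-Table -AutoSize
Get-UacStatus
```

Run it in the context of the user whose profile is suspected, since HKCU is per-user. Expect some benign hits: per-user installers (browsers, collaboration clients) legitimately register COM servers under the user's AppData, so triage on ShadowsHKLM plus a server path that points to a temporary or unusual directory, and compare the DLL's hashes against the ones listed in this report.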

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                          Count  ID
  Persistence           Event Triggered Execution          1      T1546
  Persistence           Component Object Model Hijacking   1      T1546.015
  Privilege Escalation  Event Triggered Execution          1      T1546
  Privilege Escalation  Component Object Model Hijacking   1      T1546.015
  Defense Evasion       Modify Registry                    1      T1112
  Discovery             Query Registry                     1      T1012
  Discovery             System Information Discovery       1      T1082
