General

  • Target

    bca937cd3c0964e74f8d867778b2f75a_JaffaCakes118

  • Size

    876KB

  • Sample

    240618-sv327stdrl

  • MD5

    bca937cd3c0964e74f8d867778b2f75a

  • SHA1

    e3a92d50beccd8e52caeff0bd9c6b205847bc1c4

  • SHA256

    bec8b56485801742f274319405b9660c57e74e0ab6e6220f4307fbdb54934fa0

  • SHA512

    d84099190896d2d978cefd590d322756c7d88d06ae4280e3ff5dd5abea8a5822b68cce96a2cf39d7203ed9d46da3a3858ce0b104566ec562c956fc71151ba852

  • SSDEEP

    24576:mhP6o/EmuGBcBahccLqi/Ju72NzZto9Zz:mhP6WPuGg7cLrbVizz

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

Tasks