General

  • Target

    bcc41cd5761e2715682c47efb4c1c9c1_JaffaCakes118

  • Size

    830KB

  • Sample

    240618-tcxm5svbjk

  • MD5

    bcc41cd5761e2715682c47efb4c1c9c1

  • SHA1

    70e2baa74d728057545da0f658657abd8fd908fd

  • SHA256

    cc0e8b3c30a89a362880b430302ee921ab8e34842aa84bc1389978e14a07f8e4

  • SHA512

    e20deb5aaa7d64e87e2803362a504e8fc8afc9994329fd299b583cb6b978c1314fc76953cc1858b5945f24dec3095c242d32953153149354b8dddc6d036fcee9

  • SSDEEP

    12288:wXWZPQLLGLCRpjy6L77bpfq6gIrs3+cLfcQ6FTI/6/rY9Vl0OPSifIVMbCFIsaKu:SWZovGLebpfq9JOcL0+/lR12OTQe

Malware Config

Targets

    • Target

      bcc41cd5761e2715682c47efb4c1c9c1_JaffaCakes118

    • Size

      830KB

    • MD5

      bcc41cd5761e2715682c47efb4c1c9c1

    • SHA1

      70e2baa74d728057545da0f658657abd8fd908fd

    • SHA256

      cc0e8b3c30a89a362880b430302ee921ab8e34842aa84bc1389978e14a07f8e4

    • SHA512

      e20deb5aaa7d64e87e2803362a504e8fc8afc9994329fd299b583cb6b978c1314fc76953cc1858b5945f24dec3095c242d32953153149354b8dddc6d036fcee9

    • SSDEEP

      12288:wXWZPQLLGLCRpjy6L77bpfq6gIrs3+cLfcQ6FTI/6/rY9Vl0OPSifIVMbCFIsaKu:SWZovGLebpfq9JOcL0+/lR12OTQe

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks