General

  • Target

    bcdbb73b2cccb02795546dc44c4810b8_JaffaCakes118

  • Size

    864KB

  • Sample

    240618-tsg8dsvfpm

  • MD5

    bcdbb73b2cccb02795546dc44c4810b8

  • SHA1

    09ac9e1f94c60ca2f07fe119fe08043f6dc8ec3b

  • SHA256

    33e4553a2a1c6b675189caa9ad32ef8379ea706c77fb16afc123596e9fde12b5

  • SHA512

    cab1332d5a85894494a47f651765bc211e6937397c07e41292cba2667709643dd074047a4a613b154e3919a67a0633eb4aa1a3d345e7f2169918ec22d59acac2

  • SSDEEP

    24576:xF36hISds145p2zeohMtMBh99DW1NzsQYTsPfQ:xFqOSd/Uq899cNQVSQ

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Tactic               | Technique                        | Count | ID
---------------------|----------------------------------|-------|----------
Persistence          | Event Triggered Execution        | 1     | T1546
Persistence          | Component Object Model Hijacking | 1     | T1546.015
Privilege Escalation | Event Triggered Execution        | 1     | T1546
Privilege Escalation | Component Object Model Hijacking | 1     | T1546.015
Defense Evasion      | Modify Registry                  | 1     | T1112
Discovery            | Query Registry                   | 1     | T1012
Discovery            | System Information Discovery     | 1     | T1082

Tasks