General

  • Target

    bce33f618d522dca90ace37003b15eff_JaffaCakes118

  • Size

    811KB

  • Sample

    240618-tydgds1dne

  • MD5

    bce33f618d522dca90ace37003b15eff

  • SHA1

    bcce768641b530ca664f6a74d6981c73af61ab83

  • SHA256

    e1f3f60eb4cf2a15f911b00f2e298963282a9d1ce857ac1afd874b05cc10b963

  • SHA512

    68336730a2855dc949e0224e80e0b2da66cf408181ebf0150ff00dbbb2b3fcc4fd4cff17a38c6242a98dc366a141e0851ca63f08196840299930288df0c4f9c8

  • SSDEEP

    12288:47UEcP9tVliPNsu8J/MiLv5BGcJvMx+d3Edr++jD9QrqCqLGDI5SJlCVvximWU7B:4UE7tkfGcrB4CuDMLq0JO37B

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1546 Event Triggered Execution: 1

    T1546.015 Component Object Model Hijacking: 1

  • Privilege Escalation

    T1546 Event Triggered Execution: 1

    T1546.015 Component Object Model Hijacking: 1

  • Defense Evasion

    T1112 Modify Registry: 1

  • Discovery

    T1012 Query Registry: 1

    T1082 System Information Discovery: 1

Tasks