General

  • Target

    000ca69fca207525041e5399dbfea935_JaffaCakes118

  • Size

    21KB

  • Sample

    240619-xkgtfaxaqb

  • MD5

    000ca69fca207525041e5399dbfea935

  • SHA1

    456082c54ba68439ccf718297384f507c21f177b

  • SHA256

    bad0e3ef1814c2247307a89ba75b20771dafd24eb31e3b8ccd6527f16075bf32

  • SHA512

    b135dcba5c93725f7da541335381c68f405dcc070605f59045f1878ecd1d211e0108e473082f4fdf14911a72da4eba32cd2a8de7ec598f387cef8bcf97f67655

  • SSDEEP

    384:xPyZNjtU2mC45TF0zkFXtJ2k1PjXIDEzKDzEFPrVT2:pyZDKTFdx1b4wzCEFPrs

Targets

    • Target

      000ca69fca207525041e5399dbfea935_JaffaCakes118

    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
