General

  • Target

    000ed5008ef217f55825dc1403723113_JaffaCakes118

  • Size

    20KB

  • Sample

    240619-xl19gaxbne

  • MD5

    000ed5008ef217f55825dc1403723113

  • SHA1

    e034a16d64f6747cd65a05722a6c35d9f2c49fcc

  • SHA256

    9eff2335c2f4eebd7cfd8b70db5b26d220b4e8d4d717f639d230d9808a259e76

  • SHA512

    897d8a5b1c8ebfc57a4327db16aa119d8fde5ebceb2a6a40664443ac573cac4b029d621b75396a009fbd4c18ad92501b1677db46dda152a5474a48e0e88a0321

  • SSDEEP

    384:P9PyZNjtU2mvIGj0l724Zt2e9VojU2bzEFd++UX:PVyZupMP/EPEFd+f

Targets

    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15