General

  • Target

    00123508b87edee35927ee3e791d7441_JaffaCakes118

  • Size

    21KB

  • Sample

    240619-xn9nma1hpl

  • MD5

    00123508b87edee35927ee3e791d7441

  • SHA1

    c6786d3e9e604008ca50393d8ef9a87df6cdfce3

  • SHA256

    223f0c274c7e825bbbc6952d97112e38b539afd11a8855792927638c83b2ce7c

  • SHA512

    e18c71c73886097f358bedb7c97e2ef5ec96a945046edd2c40aa74d9fe50e62a6091baacd29a14c9b85aad84a122a687c2c9268c86955d4c408dd83e1b4cd549

  • SSDEEP

    384:OPyZNjtU2mS5oJj0deRrOYUQOYIT6+LIrsrN3Sjepof+zX6XuU:uyZ/pjY8YQ6YIrsJS/fuX6Xp

Malware Config

Targets

    • Target

      00123508b87edee35927ee3e791d7441_JaffaCakes118


    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs (T1546.010)

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs. DLLs listed in the AppInit_DLLs registry value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll into every process that links it, provided LoadAppInit_DLLs is set to 1.

    • Drops file in System32 directory
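The three signatures above describe one pattern: a DLL written to System32 and registered through AppInit_DLLs so that user32.dll loads it into new processes. The following triage check is an added example, not part of this sandbox report; it parses a registry export of the two keys that control AppInit DLL loading (the 64-bit key and the Wow6432Node key) and reports only entries that would actually be loaded, i.e. AppInit_DLLs is non-empty and LoadAppInit_DLLs is 1. The export text, the DLL name winupdsvc.dll and the function names are constructed assumptions for the demo, not artifacts from this sample.

```python
"""Triage check for AppInit DLL persistence (ATT&CK T1546.010).

Added example, not part of the sandbox report. Parses a .reg-style export
of the keys that control AppInit DLL loading and flags DLLs that would be
loaded into every process that links user32.dll.
"""
import re

# Constructed .reg-style export (assumption; not taken from the report).
# The DLL path and value data are invented for the demo.
SAMPLE_REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\System32\\winupdsvc.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches "Name"=dword:XXXXXXXX or "Name"="string"
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, dword, string = m.groups()
            if dword is not None:
                keys[current][name] = int(dword, 16)
            else:
                # .reg files escape each backslash as "\\"; undo that.
                keys[current][name] = string.replace("\\\\", "\\")
    return keys


def appinit_findings(keys):
    """Flag AppInit_DLLs entries and whether they are live.

    A DLL is only loaded when LoadAppInit_DLLs == 1; on Windows 8 and later
    with Secure Boot enabled the AppInit_DLLs mechanism is disabled entirely,
    so 'active' here means 'enabled by the registry', not 'guaranteed loaded'.
    """
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(r"windows nt\currentversion\windows"):
            continue
        # AppInit_DLLs is a space-, comma- or semicolon-separated list.
        dlls = [d for d in re.split(r"[ ,;]+", values.get("AppInit_DLLs", "")) if d]
        if not dlls:
            continue
        enabled = values.get("LoadAppInit_DLLs", 0) == 1
        signed_only = values.get("RequireSignedAppInit_DLLs", 0) == 1
        for dll in dlls:
            findings.append({
                "key": key,
                "dll": dll,
                "wow64": "wow6432node" in key.lower(),
                "active": enabled,
                "in_system32": "\\system32\\" in dll.lower(),
                "unsigned_allowed": not signed_only,
            })
    return findings


if __name__ == "__main__":
    for f in appinit_findings(parse_reg_export(SAMPLE_REG_EXPORT)):
        state = "ACTIVE" if f["active"] else "inactive"
        print(f"[{state}] {f['dll']}  (System32: {f['in_system32']}, "
              f"unsigned allowed: {f['unsigned_allowed']}, WoW64 key: {f['wow64']})")
```

To run this against a real host, export both keys with `reg export` and feed the file to `parse_reg_export`. An entry that is active, lives in System32 and was written at roughly the sample's execution time is the combination this report's three signatures point at; checking the DLL's hash against the MD5/SHA256 above then confirms whether it is the sample itself or a dropped component.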

MITRE ATT&CK Enterprise v15

Tasks