General

  • Target: 00126939ef0420be5b13c77db024c872_JaffaCakes118
  • Size: 513KB
  • Sample: 240619-xpdbtaxcpa
  • MD5: 00126939ef0420be5b13c77db024c872
  • SHA1: 83cb1d7d4eeb2d051d5ff968263e14a4f80cd4c7
  • SHA256: 82d738b05f196aeb7e51ea78dea500450355682e607ca804097cbd40b2963682
  • SHA512: 1ba8e29455e6f1b0a22ffa5b0aefa1cefcd45af8deb0eed1d2a3fde1ea479d32e6ae3b3ab16b6ecb5742f901443dceaa1718ae77fa4152578aed0a582aabb6c0
  • SSDEEP: 384:TidD9d6GAW6AEiDlIgtapacv5nfHD7Aw/j+vREC5CsDanPzxTzYqiXb:G+DWlZN65/D7Z+vAsDWxTkqK

Malware Config

Targets


    • Modifies firewall policy service
    • Event Triggered Execution: AppInit DLLs
      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks