General

  • Target

    001288bb20eb2ec49609356da774352d_JaffaCakes118

  • Size

    23KB

  • Sample

    240619-xpejwaxcpc

  • MD5

    001288bb20eb2ec49609356da774352d

  • SHA1

    64caaa65501ebc538afefcc37f83104b8629894f

  • SHA256

    8df17b59916d9b1b3dcc5606062c588fc95ec978feacb9bcf78bc30568f9a393

  • SHA512

    6c1470030c806bb6f9b9d55a818dad91b6dbc45e2c86d34b3563964ae678cb461cb4b0ab66a83bcdbe087ccc50dab612fde7bcaefaaf7574d4fcdb994c24db32

  • SSDEEP

    384:aPyZNjtU2mC45z+qbJdVOKmwVCjqDEoefZjuMzET8R5Hc:ayZDK93V/VSqFOjTET258

Malware Config

Targets

    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. The DLLs named in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and its Wow6432Node mirror) are loaded by user32.dll into every process that loads user32.dll, so one registry write gains code execution in nearly every GUI process; the mechanism is disabled on Windows 8 and later when Secure Boot is enabled (MITRE ATT&CK T1546.010).

    • Drops file in System32 directory
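
The three behaviours flagged for this target (firewall policy/service change, AppInit DLL registration, file drop into System32) are all observable as registry value-set and file-create events on an endpoint. The following is an added example written for this page, not code from the sandbox vendor or from the report: it runs simple detection rules over constructed Sysmon-style events (JSON lines with the Sysmon field names, EventID 13 for registry value set and EventID 11 for file create). The sample events, the tag names, the exact registry paths each rule keys on, and the "process outside %SystemRoot% writing into System32" heuristic are assumptions made for illustration; the report does not state which keys or files the sample touched.

```python
import json
import re
from collections import defaultdict

# Constructed Sysmon-style events (JSON lines). Made up for this example;
# they are not taken from the sandbox report. Backslashes are JSON-escaped.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs", "Details": "C:\\Windows\\System32\\hookdll.dll"}
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall", "Details": "DWORD (0x00000000)"}
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\MpsSvc\\Start", "Details": "DWORD (0x00000004)"}
{"EventID": 11, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe", "TargetFilename": "C:\\Windows\\System32\\hookdll.dll"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetFilename": "C:\\Windows\\System32\\LogFiles\\WMI\\trace.etl"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
"""

# AppInit_DLLs, LoadAppInit_DLLs and RequireSignedAppInit_DLLs under
# ...\Windows NT\CurrentVersion\Windows, in both the native and Wow6432Node hives.
APPINIT_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\(Load|RequireSigned)?AppInit_DLLs$",
    re.IGNORECASE)
# Windows Firewall service (MpsSvc), its legacy policy store under SharedAccess,
# and the firewall group-policy keys. Which of these the report's signature
# actually keys on is an assumption here.
FIREWALL_RE = re.compile(
    r"\\CurrentControlSet\\Services\\(MpsSvc|SharedAccess)\\"
    r"|\\Policies\\Microsoft\\WindowsFirewall\\",
    re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
WINDOWS_IMAGE_RE = re.compile(r"^[A-Z]:\\Windows\\", re.IGNORECASE)


def parse_events(text):
    """Parse JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(event):
    """Return the report-style tags an event triggers (possibly none)."""
    tags = []
    if event.get("EventID") == 13:            # registry value set
        target = event.get("TargetObject", "")
        if APPINIT_RE.search(target):
            tags.append("appinit_dll")
        if FIREWALL_RE.search(target):
            tags.append("firewall_policy")
    elif event.get("EventID") == 11:          # file create
        path = event.get("TargetFilename", "")
        image = event.get("Image", "")
        # Noise-reduction heuristic (assumption, tune per environment): only
        # writers that do not themselves live under %SystemRoot% are flagged.
        if SYSTEM32_RE.match(path) and not WINDOWS_IMAGE_RE.match(image):
            tags.append("system32_drop")
    return tags


def scan(text):
    """Group hits by tag: {tag: [(image, registry value or file path), ...]}."""
    hits = defaultdict(list)
    for ev in parse_events(text):
        target = ev.get("TargetObject") or ev.get("TargetFilename", "")
        for tag in classify(ev):
            hits[tag].append((ev.get("Image", ""), target))
    return dict(hits)


if __name__ == "__main__":
    for tag, entries in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"[{tag}]")
        for image, target in entries:
            print(f"  {image} -> {target}")
```

On the constructed input the scan yields two AppInit hits (the DLL path plus the LoadAppInit_DLLs enable), two firewall hits (EnableFirewall cleared and MpsSvc set to disabled), and one System32 drop; the svchost.exe write and the explorer.exe registry change produce nothing. For a real hunt the LoadAppInit_DLLs and AppInit_DLLs rules are the high-signal ones: almost nothing legitimate writes those values after install, whereas firewall service and System32 writes need the allowlisting the heuristic only sketches.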

MITRE ATT&CK Enterprise v15

Tasks