General

  • Target

    0014300c72be786268c166354bbfb4ca_JaffaCakes118

  • Size

    516KB

  • Sample

    240619-xqcfxasakk

  • MD5

    0014300c72be786268c166354bbfb4ca

  • SHA1

    e5ef382f9d89c0e074a49830d655ff7be2d007ac

  • SHA256

    f49885b237fa17af0bdf0df7ce6e10eda96abb5a38ec1d828c4725f845e5cb7d

  • SHA512

    6f97f36763c8a577948ea508540e3a290fa76198e1b22d07e16722cc307520a0253aef7a42edfba1804546b9cce6935549067c57832faa14e63d3780fba2c87f

  • SSDEEP

    768:DG6kd2PdChgLdDXCfW5Bq+omIweuUwVuC:8OdrL8fa8pwVP

Malware Config

Targets

    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks