General

  • Target

    00144f9436fdd2b4173cca79461831df_JaffaCakes118

  • Size

    24KB

  • Sample

    240619-xqh9fssakp

  • MD5

    00144f9436fdd2b4173cca79461831df

  • SHA1

    7e17265df3f83dd9c760e658dff0f3786738f977

  • SHA256

    96716021a43130c4eb40283d86fcea4704ecd73dec8a36a1063197f6970658f9

  • SHA512

    6c9975aa3975161d94d5b109e9203fff2b5c4a99e6e601808d790d683e4061c0c9bc342b0c6271d75456b427eda187449e395aba1c189a5081bba432726e5654

  • SSDEEP

    384:pdD9d6G4f/r1KeYS4oxgWZqVjgG2GCafj64BEHuazwIErIuCv:pKGkwVjgG2G64LawIEHO

Malware Config

Targets

    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks