General

  • Target

    00162441c854016cdd004c74c1050026_JaffaCakes118

  • Size

    514KB

  • Sample

    240619-xrc4tsxdqa

  • MD5

    00162441c854016cdd004c74c1050026

  • SHA1

    08f2c3254a391657488ad07b53462923470a24cd

  • SHA256

    18defa4bfaa2c747fce8ef441786d363a7eea6bcba644c1de8519622b8fa3c33

  • SHA512

    2a65eb254b65e29e04377b554a70f4a2a41a7f77247d8c0fa14925e0f9b2330e5424cf0563882fb3bc9a35be022206965d5f6a3eb2ada786c7d0a3448538e73b

  • SSDEEP

    384:8idD9d6GAvmAECb16mG7nPKyQvF0743hMb1sjDpHEpnMnzXeoXWQgbi:pXD+16k9074xhDjzXeo2i

Malware Config

Targets

    • Target

      00162441c854016cdd004c74c1050026_JaffaCakes118

    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Drops file in System32 directory
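The AppInit DLLs signature above refers to the loader mechanism in which user32.dll loads every DLL listed under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs into each process that maps user32.dll, provided LoadAppInit_DLLs is 1 (and, on Windows 8 and later, RequireSignedAppInit_DLLs is 0 or the DLL is code-signed; with Secure Boot enabled the mechanism is disabled entirely). The script below is an added example, not part of this sandbox report and not derived from the sample: it reads the native and Wow6432Node views of that key when run on Windows, and evaluates the values with a pure function so the logic can also be exercised offline on constructed input. The registry paths and value names are the documented ones; the file name used in the sample input is constructed for the example.

```python
"""Audit AppInit_DLLs persistence settings (ATT&CK T1546.010).

Added example, not part of the sandbox report. On Windows it reads the
live registry; the assessment function itself is pure and runs anywhere.
"""
import sys

# Both views matter: 64-bit processes read the native key, 32-bit
# processes read the Wow6432Node key.
APPINIT_KEYS = [
    r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
]
VALUE_NAMES = ("LoadAppInit_DLLs", "AppInit_DLLs", "RequireSignedAppInit_DLLs")


def read_appinit_values(subkey):
    """Read the three AppInit values from HKLM\\<subkey> (Windows only).

    Missing values are reported as None rather than raising."""
    import winreg  # standard library, but only present on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
        for name in VALUE_NAMES:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                values[name] = None
    return values


def parse_dll_list(appinit_dlls):
    """AppInit_DLLs is a space- or comma-separated list of DLL paths."""
    if not appinit_dlls:
        return []
    return [p for p in appinit_dlls.replace(",", " ").split() if p]


def assess_appinit(values):
    """Return a list of findings for one registry view (empty = clean).

    The list in AppInit_DLLs is only honoured when LoadAppInit_DLLs is 1.
    RequireSignedAppInit_DLLs (default 1 on Windows 8 and later) restricts
    loading to code-signed DLLs; a value of 0 re-enables unsigned DLLs."""
    findings = []
    dlls = parse_dll_list(values.get("AppInit_DLLs"))
    load = values.get("LoadAppInit_DLLs")
    require_signed = values.get("RequireSignedAppInit_DLLs")

    if dlls:
        findings.append("AppInit_DLLs set: " + ", ".join(dlls))
        if load == 1:
            findings.append(
                "LoadAppInit_DLLs=1: listed DLLs are loaded into every "
                "process that maps user32.dll")
        else:
            findings.append(
                "LoadAppInit_DLLs is not 1: list present but inactive")
        if require_signed == 0:
            findings.append(
                "RequireSignedAppInit_DLLs=0: unsigned DLLs are accepted")
    elif load == 1:
        findings.append(
            "LoadAppInit_DLLs=1 with empty AppInit_DLLs: mechanism armed, "
            "nothing staged")
    return findings


def audit_live_system():
    """Read both registry views and return {subkey: findings}."""
    return {subkey: assess_appinit(read_appinit_values(subkey))
            for subkey in APPINIT_KEYS}


# Constructed sample input (not values observed from this sample): the
# configuration an AppInit-based persistence install typically leaves behind.
SAMPLE_PERSISTENCE = {
    "LoadAppInit_DLLs": 1,
    "AppInit_DLLs": r"C:\Windows\System32\example_hook.dll",
    "RequireSignedAppInit_DLLs": 0,
}
SAMPLE_CLEAN = {
    "LoadAppInit_DLLs": 0,
    "AppInit_DLLs": "",
    "RequireSignedAppInit_DLLs": 1,
}


if __name__ == "__main__":
    if sys.platform == "win32":
        for subkey, findings in audit_live_system().items():
            print(subkey)
            for f in findings or ["no findings"]:
                print("  -", f)
    else:
        for f in assess_appinit(SAMPLE_PERSISTENCE):
            print("-", f)
```

Run it on a Windows host to audit both views; on any other platform it evaluates the constructed sample configuration instead. A non-empty AppInit_DLLs pointing at a file that was recently dropped into System32 is exactly the combination the two signatures above describe, and the DLL named there is the first artifact to pull for analysis.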

MITRE ATT&CK Enterprise v15

Tasks