General
- Target: 00568f33e2d3f5cbfa735a2cf25b0deb_JaffaCakes118
- Size: 100KB
- Sample: 240619-y71qhavbpq
- MD5: 00568f33e2d3f5cbfa735a2cf25b0deb
- SHA1: eed12c9e55e1a3778aa5a42ade09eaa482b76270
- SHA256: 201029def214ba3a102a86ec25cb9a5c0aaf4a6c2aa3d5af1dd30ddeb47259a5
- SHA512: 9f3a2d259ceecd751c3a923fcb8f17e9106873105ba856a4911fed8411a1c16c4f3a652c2ac29e6155985d97e0a52156898afd43c5f6fad81bb3c113b6dbda57
- SSDEEP: 1536:cjD4lMWQThsQKCHDYbiIZjX41poS1lvJLdGyo:kjLDYbibYS1PBw
- Static task: static1
- Behavioral task: behavioral1
- Sample: 00568f33e2d3f5cbfa735a2cf25b0deb_JaffaCakes118.exe
- Resource: win7-20240508-en
Malware Config
- Extracted family: sality
- Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
- Target: 00568f33e2d3f5cbfa735a2cf25b0deb_JaffaCakes118
Signatures
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
- Privilege Escalation
  - Create or Modify System Process (1): Windows Service (1)
  - Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Defense Evasion
  - Modify Registry (5)
  - Impair Defenses (4): Disable or Modify Tools (3), Disable or Modify System Firewall (1)
  - Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)