General
Target: 0059254be72a97b90d37e3e702fdb8ee_JaffaCakes118
Size: 89KB
Sample: 240619-y9n5gsvcnl
MD5: 0059254be72a97b90d37e3e702fdb8ee
SHA1: d2092e57668641cd5c28204d7d7cc59e4a301884
SHA256: 0ba674fbff64502708177434462984c1c0e4cd79a5f0b769fdc96e1af409cef8
SHA512: ae5d6cc35e7a4221044049d6b23d7786a3ea722f5df27818ba1ba32d1c63858c61aa284ce1181ed392c7ab5a765ab8fb3df9302bc00cde1f64f3a7f64286b044
SSDEEP: 1536:GQ1LtIZr8qwC9gCFh3xC6NLAmV5/0Ol39/2ZroL5ynLYHgET/Et3KmqNc:hmZr8/Ug+NxC6NL9/Tt92ZrotX4tamqG
-
Static task: static1
-
Behavioral task: behavioral1
Sample: 0059254be72a97b90d37e3e702fdb8ee_JaffaCakes118.exe
Resource: win7-20240611-en
-
Malware Config
Extracted
sality
Targets
-
-
Target
0059254be72a97b90d37e3e702fdb8ee_JaffaCakes118
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix (ATT&CK v13)
-
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
-
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1