General
Target: 002cbbfced55ff55f9015d5709ae003e_JaffaCakes118
Size: 97KB
Sample: 240619-ycgn5sshkk
MD5: 002cbbfced55ff55f9015d5709ae003e
SHA1: 4cb91208b0285d3b6e4aaa77f9d35bd34b441be3
SHA256: f19b73fa0352253a1e9432fbcc1afcecf72f0c9fa09c2bea436f288bcf6df86e
SHA512: fa89c544cc8d6074b172d2fb9990da6f5d3fe191a1398ac6ba71d0d1b94c3a7ba2fce51df2d908a809e1ab95b5d16ff16cc71d3d3917875c0324122599ee074d
SSDEEP: 3072:e/mTRVQU0hl9GbViqy+rD5Z7QPLAzJDZx/uE3mXr:e+HQUqME0ruLAzJtx+Xr
Static task: static1
Behavioral task: behavioral1
Sample: 002cbbfced55ff55f9015d5709ae003e_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 002cbbfced55ff55f9015d5709ae003e_JaffaCakes118 (97KB)
Modifies firewall policy service
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Modify Registry (5)
  Impair Defenses (4)
    Disable or Modify Tools (3)
    Disable or Modify System Firewall (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)