General
-
Target
0866d9e4dff44c495ec2fc34a5c2c489_JaffaCakes118
-
Size
138KB
-
Sample
240624-n83w5s1djh
-
MD5
0866d9e4dff44c495ec2fc34a5c2c489
-
SHA1
bb7b7a128d191cf4f955d77cb7c07eebe68960a3
-
SHA256
c19c820f2a6fe2863b7e669fb4cd22a8e86dc68bbdd204a8f9a79bf3aebe1f90
-
SHA512
3debbb89ee145cb0c3022cb5211b72bb6153211cfc9d0914f3fe3b495dd28d49b4f41796065582bc2e9ad9ac98654f6f423ef27f128387dcdb49132e2887a0b1
-
SSDEEP
3072:F1+YjqUZ+R5ER1Ooqyz5SAEwjWfCpK8VWU:F0UYoOoTzbEm7KCWU
Malware Config
Targets
-
-
Target
0866d9e4dff44c495ec2fc34a5c2c489_JaffaCakes118
-
Size
138KB
-
MD5
0866d9e4dff44c495ec2fc34a5c2c489
-
SHA1
bb7b7a128d191cf4f955d77cb7c07eebe68960a3
-
SHA256
c19c820f2a6fe2863b7e669fb4cd22a8e86dc68bbdd204a8f9a79bf3aebe1f90
-
SHA512
3debbb89ee145cb0c3022cb5211b72bb6153211cfc9d0914f3fe3b495dd28d49b4f41796065582bc2e9ad9ac98654f6f423ef27f128387dcdb49132e2887a0b1
-
SSDEEP
3072:F1+YjqUZ+R5ER1Ooqyz5SAEwjWfCpK8VWU:F0UYoOoTzbEm7KCWU
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1