General
Target: 0dc5b99c6916e074cd5814644526784c_JaffaCakes118
Size: 127KB
Sample: 240625-msnlvaxhnn
MD5: 0dc5b99c6916e074cd5814644526784c
SHA1: b8a2efe2e9c5de2694b10080ef15bbd78f657df8
SHA256: ca4659962ccfe22517cc1eb3c1e33a216e7ad6952920d7d5f8ce0f26ab66bf65
SHA512: 3f0e6e4637f26cf43eec88535a2d0523c9671f69e461c9060d7ce57402ec1ee6e86a05c31f7e766220bd8a5101d3335c690a0490af4543e5bd528373c0f8b1a8
SSDEEP: 3072:2lq1D1lnh17KiAnucUKDzix4jK0HrIdkOk859mQE5l:Gq1DrzKtucUKviCrgk/859TEf
Static task: static1
Behavioral task: behavioral1
Sample: 0dc5b99c6916e074cd5814644526784c_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted family: sality
URLs carried in the extracted Sality configuration (treat each host as an indicator; the paths vary between campaigns):
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
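The check a responder wants from an extracted config like the one above is a sweep of proxy logs for the indicator hosts, not the exact URLs, since the path part rotates. The script below is an added example written for this report, not code from the sandbox or from the sample; the proxy log format (timestamp, client IP, method, URL, status, whitespace-separated) and the log lines are constructed for the demonstration. It matches on host only, treats `www.X` and `X` as the same indicator, handles CONNECT lines that carry `host:port` without a scheme, and does not match look-alike suffix domains.

```python
"""Sweep proxy logs for the hosts in the Sality config extracted above.

Added example, not code from the sandbox or the sample. The log layout
(timestamp client method url status) and every log line are constructed.
"""
from urllib.parse import urlsplit

# URLs exactly as extracted from the sample's configuration.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Constructed proxy log (assumed layout). Line 3 must hit on host despite a different
# path, line 4 on the bare domain of a www. indicator, line 6 on a CONNECT target;
# line 5 is a look-alike suffix domain and must not hit.
PROXY_LOG = [
    "2024-06-25T10:14:03Z 10.0.3.17 GET http://kukutrustnet777.info/home.gif 200",
    "2024-06-25T10:14:05Z 10.0.3.17 GET http://www.example.com/index.html 200",
    "2024-06-25T10:15:41Z 10.0.3.22 GET http://89.119.67.154/testo5/logo.gif 404",
    "2024-06-25T10:16:02Z 10.0.3.30 GET http://klkjwre9fqwieluoi.info/ 200",
    "2024-06-25T10:16:10Z 10.0.3.41 GET http://kukutrustnet777.info.example.net/ 200",
    "2024-06-25T10:16:12Z 10.0.3.41 CONNECT kukutrustnet888.info:443 200",
]


def host_of(url):
    """Host part of a logged URL; CONNECT targets arrive as host:port with no scheme."""
    if "://" not in url:
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def canon(host):
    """Drop a leading www. so www.X and X compare equal."""
    return host[4:] if host.startswith("www.") else host


def ioc_hosts(urls=SALITY_C2_URLS):
    """The indicator set: canonical hosts of the extracted URLs."""
    return {canon(host_of(u)) for u in urls}


def match_proxy_log(lines, urls=SALITY_C2_URLS):
    """Return (line_no, client_ip, host) for every request to an indicator host."""
    iocs = ioc_hosts(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line: skip it, do not abort the sweep
        client, url = fields[1], fields[3]
        host = host_of(url)
        if canon(host) in iocs:
            hits.append((n, client, host))
    return hits


if __name__ == "__main__":
    for line_no, client, host in match_proxy_log(PROXY_LOG):
        print(f"line {line_no}: {client} -> {host}")
```

Exact-URL matching would have missed lines 3, 4 and 6; host-level matching with `www.` folding is the right granularity for a config whose paths are campaign-specific. Lookalike domains that merely embed an indicator as a prefix (line 5) are deliberately not matched; if you want them, add a separate suffix or Levenshtein check rather than loosening this one.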
Targets
Target: 0dc5b99c6916e074cd5814644526784c_JaffaCakes118 (127KB; hashes as listed under General above)
Signatures
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5