General
-
Target
0ddce57fc7ae9be6f9b74c9fd06c0258_JaffaCakes118
-
Size
143KB
-
Sample
240625-nc372awfkb
-
MD5
0ddce57fc7ae9be6f9b74c9fd06c0258
-
SHA1
ab68a976a87d77fd759e35b4903f1c7bf0ea7521
-
SHA256
aae63244c132711304d1a8c3274e986d18f9961c43d4dfc654458855eca68f2d
-
SHA512
d933947f6b70da268e5d26978e42a3af8aa0c03c8cd2a801ba6233d6e4c05c2bab417ab35500709af79f468e7498c96729fb1b077a741f6bd762f3e4707b3598
-
SSDEEP
3072:uYNQKPWDyaRefVJltZrpRl1P3KzGP4N0NcJl5zwTJqK+hl:3NSDyaRO1thpaOIGwK+hl
Static task
static1
Behavioral task
behavioral1
Sample
0ddce57fc7ae9be6f9b74c9fd06c0258_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0ddce57fc7ae9be6f9b74c9fd06c0258_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0ddce57fc7ae9be6f9b74c9fd06c0258_JaffaCakes118
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)