General
- Target: 0e38744e6e47921e214b29b9863be1e8_JaffaCakes118
- Size: 121KB
- Sample: 240625-qj37qavenp
- MD5: 0e38744e6e47921e214b29b9863be1e8
- SHA1: 1a8f56f4de946c8c26acf83d3f7326a289659708
- SHA256: 8c3b418d78b5dd1399c485f0c31356196f10a112363751d4b26a6d53cef901f7
- SHA512: e69be270581e449f85f5077919bbdf991959d9cd7a007464dbfed22e494472c35d1a131457e0a980c0bd70e76a2bd02cf8491ac20931d47e642031facc3e0e8d
- SSDEEP: 3072:KS2JiW/o6bczuAMws1Nj9RlrDMer2x9RcnLCT:bMJciAxs1NRfPr2xn+O
Static task: static1
Behavioral task: behavioral1
- Sample: 0e38744e6e47921e214b29b9863be1e8_JaffaCakes118.exe
- Resource: win7-20240611-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 0e38744e6e47921e214b29b9863be1e8_JaffaCakes118
- Size: 121KB
- Modifies firewall policy service
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)