General
-
Target
0e6d0798b0405b492b38f2a15d9cf294_JaffaCakes118
-
Size
187KB
-
Sample
240625-rvxdzsybrn
-
MD5
0e6d0798b0405b492b38f2a15d9cf294
-
SHA1
d9c2b3a36bfea958c592d59389135f8d3b9b17d7
-
SHA256
c41bca2d5fb12447d5a872b34b0f55d2ddbc40cf1fd587341f3e3c91fc01ce82
-
SHA512
aaa94bcfc7a8bc3e70c16ec2074c3d9cad2d0c0f4e9b84bea68b72381427308a6b75aef1ff9d00f9fdc791db9cc92a1144a8927c230068130fd9ed501cd3f179
-
SSDEEP
3072:ZxggXDO6tb2L62bjTD7bfC5XQfsPlcWLOwNgQMMTWk4ivdEMiTPWWmqrPHDvkbWh:jtOw/2bfDvfC5XQfsyLwJQk9v5wuW9Pw
Static task
static1
Behavioral task
behavioral1
Sample
0e6d0798b0405b492b38f2a15d9cf294_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
0e6d0798b0405b492b38f2a15d9cf294_JaffaCakes118
-
Size
187KB
-
MD5
0e6d0798b0405b492b38f2a15d9cf294
-
SHA1
d9c2b3a36bfea958c592d59389135f8d3b9b17d7
-
SHA256
c41bca2d5fb12447d5a872b34b0f55d2ddbc40cf1fd587341f3e3c91fc01ce82
-
SHA512
aaa94bcfc7a8bc3e70c16ec2074c3d9cad2d0c0f4e9b84bea68b72381427308a6b75aef1ff9d00f9fdc791db9cc92a1144a8927c230068130fd9ed501cd3f179
-
SSDEEP
3072:ZxggXDO6tb2L62bjTD7bfC5XQfsPlcWLOwNgQMMTWk4ivdEMiTPWWmqrPHDvkbWh:jtOw/2bfDvfC5XQfsyLwJQk9v5wuW9Pw
-
Modifies firewall policy service
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1