General
Target: 0e800efaf61919f9eedcfd6a0e3fa368_JaffaCakes118
Size: 283KB
Sample: 240625-sdnwyszckl
MD5: 0e800efaf61919f9eedcfd6a0e3fa368
SHA1: 5b983feda756d0246b228e0e8c778afa35e4c8a3
SHA256: 469dd425f7c8429479a39aa70841e2815853e9087821a67ec4386d158f06ed0b
SHA512: cfff0e6b16ad898259b56abc672a304523d64fb56c7dbfc05d50a9e3c167c766c674d1a5fd15027e2ff1cfd16a6cab6157f4281a7f8a2a7fa4aa560bc880de77
SSDEEP: 6144:WvEm2U+T6i5LirrllHy4HUcMQY6kaW+2mX10t5Lo:YEmN+T5xYrllrU7QY6kaBl08
Static task: static1
Behavioral task: behavioral1
Sample: 0e800efaf61919f9eedcfd6a0e3fa368_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 0e800efaf61919f9eedcfd6a0e3fa368_JaffaCakes118 (same file as listed under General above)
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)