General
-
Target
0e806b317ce29bb7d86a65c8ab33b9aa_JaffaCakes118
-
Size
167KB
-
Sample
240625-sdy2xswgre
-
MD5
0e806b317ce29bb7d86a65c8ab33b9aa
-
SHA1
8c41e2f2209267b04c74b8ebe6ed50540e74eec0
-
SHA256
6b3cacd373f4d658b52d2d9350bd22921cf94be2d84e8d1870773d3e8f0ccd2d
-
SHA512
7e544db9070ba9ac018d5d857ee71dadc931dbe70f40e584de90d843d96704b50b0cc7712e9416d424a6b5386599eb241c0360cdcfafae9878401aa26483be78
-
SSDEEP
3072:L2NQKPWDyTRepJltZrpRSfHkUBf6RSQiM55qWqT:iNSDyTRothpQMUBfmSCq
Static task
static1
Behavioral task
behavioral1
Sample
0e806b317ce29bb7d86a65c8ab33b9aa_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
0e806b317ce29bb7d86a65c8ab33b9aa_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0e806b317ce29bb7d86a65c8ab33b9aa_JaffaCakes118
-
Size
167KB
-
MD5
0e806b317ce29bb7d86a65c8ab33b9aa
-
SHA1
8c41e2f2209267b04c74b8ebe6ed50540e74eec0
-
SHA256
6b3cacd373f4d658b52d2d9350bd22921cf94be2d84e8d1870773d3e8f0ccd2d
-
SHA512
7e544db9070ba9ac018d5d857ee71dadc931dbe70f40e584de90d843d96704b50b0cc7712e9416d424a6b5386599eb241c0360cdcfafae9878401aa26483be78
-
SSDEEP
3072:L2NQKPWDyTRepJltZrpRSfHkUBf6RSQiM55qWqT:iNSDyTRothpQMUBfmSCq
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1