General
Target: 0eb1657faddde5fc4bd339ed7aeb75d2_JaffaCakes118
Size: 96KB
Sample: 240625-tj6vdszcpd
MD5: 0eb1657faddde5fc4bd339ed7aeb75d2
SHA1: c3f52241abe6c31df8efa0df25afa4faf5bfb4ed
SHA256: f2921a330b7b0113e705f867973b7613fcbc40129a4f4e25da1e08bb0283dc80
SHA512: 59d0e3286a2d8254dffc8da92502ac4051a12deab04fc253c72792418e01dca386067bedbb6a6cac415a249981dc7cfa20c8a2622ad7d65e3987fac28190546d
SSDEEP: 3072:dokVANZKKgXb96xpoTBHq0atl9MUuSelE:6MQZKKgXbeoTBHq0arzuU
Static task: static1
Behavioral task: behavioral1
Sample: 0eb1657faddde5fc4bd339ed7aeb75d2_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted
sality
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5