General
-
Target
0eb8467d4cb3e4c7a04409ba67ac0360_JaffaCakes118
-
Size
274KB
-
Sample
240625-tqcvwszfje
-
MD5
0eb8467d4cb3e4c7a04409ba67ac0360
-
SHA1
96e6ba4f69b34ad15601cdf320593f31546c204b
-
SHA256
b6928ada9b353108cb8fe31881ad6dbafc958187ca2ad80bcd9a7ba509339ddf
-
SHA512
718b6d17b15bad4d4ee35260a60b0d4af2a41f1d7fdb65372f78c28b94a419e69b4d976c3e93cb789178aa7e248b077abe73c98b76100d3600e0cd2ceb4d69d0
-
SSDEEP
6144:MbPiSudrfG5TyWylMUck2Vlax0i/be+F1Kp1EFGxkZ:MjiSud4yW8NcLaxBKCcUbZ
Static task
static1
Behavioral task
behavioral1
Sample
0eb8467d4cb3e4c7a04409ba67ac0360_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
0eb8467d4cb3e4c7a04409ba67ac0360_JaffaCakes118
-
Size
274KB
-
MD5
0eb8467d4cb3e4c7a04409ba67ac0360
-
SHA1
96e6ba4f69b34ad15601cdf320593f31546c204b
-
SHA256
b6928ada9b353108cb8fe31881ad6dbafc958187ca2ad80bcd9a7ba509339ddf
-
SHA512
718b6d17b15bad4d4ee35260a60b0d4af2a41f1d7fdb65372f78c28b94a419e69b4d976c3e93cb789178aa7e248b077abe73c98b76100d3600e0cd2ceb4d69d0
-
SSDEEP
6144:MbPiSudrfG5TyWylMUck2Vlax0i/be+F1Kp1EFGxkZ:MjiSud4yW8NcLaxBKCcUbZ
-
Modifies firewall policy service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
7