General
-
Target
1047b311d084c19b076689dae93e9f01_JaffaCakes118
-
Size
553KB
-
Sample
240626-b1rgxszbrp
-
MD5
1047b311d084c19b076689dae93e9f01
-
SHA1
8cefe44eb6d07c29243a6c2040f93f87f5b82ebd
-
SHA256
2f1bed6137d7251505d7db88436b3b14f5f937d90ff9bcbaafb6badee0e8a329
-
SHA512
5a0e70686a7207b21b2939c0b28428d722feaf1a90b7a84cab6a2c0cb770c7801e0f3fec6f414e411578c3de0b65624dbf851f487c3cabfa147c58d4cec6be7b
-
SSDEEP
6144:n0RrrqrQko9Ul/AdHbI9UcP6PL9o0oRPHkRyubDR1pNXBGAFDoAPnxhSgojv/aj4:n0Rrr9rlI91ipo0o7uTLxKAJhbIyj4
Behavioral task
behavioral1
Sample
1047b311d084c19b076689dae93e9f01_JaffaCakes118.dll
Resource
win7-20240419-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
1047b311d084c19b076689dae93e9f01_JaffaCakes118
-
Size
553KB
-
MD5
1047b311d084c19b076689dae93e9f01
-
SHA1
8cefe44eb6d07c29243a6c2040f93f87f5b82ebd
-
SHA256
2f1bed6137d7251505d7db88436b3b14f5f937d90ff9bcbaafb6badee0e8a329
-
SHA512
5a0e70686a7207b21b2939c0b28428d722feaf1a90b7a84cab6a2c0cb770c7801e0f3fec6f414e411578c3de0b65624dbf851f487c3cabfa147c58d4cec6be7b
-
SSDEEP
6144:n0RrrqrQko9Ul/AdHbI9UcP6PL9o0oRPHkRyubDR1pNXBGAFDoAPnxhSgojv/aj4:n0Rrr9rlI91ipo0o7uTLxKAJhbIyj4
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1