General
-
Target
1049f8311001cfdc83ca722186ae6a84_JaffaCakes118
-
Size
864KB
-
Sample
240626-b28gtsxalb
-
MD5
1049f8311001cfdc83ca722186ae6a84
-
SHA1
d85d068daa6ff32f7f9c2c3643dd483390fee074
-
SHA256
0ef1f91d77fbe3293cf787f038514ce7d555f82cc2d0a2d44cacd238b0630129
-
SHA512
79cdbfc5070866ec4f5d075c008ae83b920e0c34f651306e0b4fbca35af90992bf2e075429186c57f9683a35ad1274d3bc254652ae1303000929de09e4a9c002
-
SSDEEP
12288:7pF60cAOC5lk48FGg2aPSpyOShhVN/06VNeXZiUttPK24OlzetggBd:7pFUCk4ALx/06OiUttPf4CzUVd
Static task
static1
Behavioral task
behavioral1
Sample
1049f8311001cfdc83ca722186ae6a84_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
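The six URLs above are what the sandbox extracted from this sample's Sality configuration. The following Python is an added example, not part of the report or of any Sality tooling: it reduces those URLs to host indicators and runs them over proxy access-log lines. The Squid-style log lines are constructed for the demo, and matching on exact hostname rather than on the full URL is a deliberate assumption (the path component of such URLs varies between runs and variants, the host does not; lookalike subdomains are intentionally not matched, so widen `indicator_hosts` if your policy wants suffix matching).

```python
"""Match proxy access-log lines against the Sality C2 hosts extracted in this report."""
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the "Extracted" config block of the report.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def indicator_hosts(urls):
    """Reduce full URLs to lower-cased host names (assumption: host is the stable indicator)."""
    return {urlsplit(u).hostname.lower() for u in urls}


# Constructed Squid access.log lines for the demo; NOT captured from the sandbox run.
# Line 5 is a lookalike subdomain that must not match under exact-host comparison.
SAMPLE_LOG = """\
1719400001.123    45 10.0.0.21 TCP_MISS/200 1024 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif
1719400002.456    12 10.0.0.22 TCP_MISS/200 512 GET http://www.example.com/index.html - HIER_DIRECT/198.51.100.7 text/html
1719400003.789    30 10.0.0.21 TCP_MISS/404 300 GET http://89.119.67.154/testo5/logo.gif - HIER_DIRECT/89.119.67.154 text/html
1719400004.000    20 10.0.0.23 TCP_MISS/200 800 CONNECT kukutrustnet987.info:80 - HIER_DIRECT/203.0.113.9 -
1719400005.000     9 10.0.0.24 TCP_MISS/200 640 GET http://kukutrustnet777.info.example.net/ - HIER_DIRECT/198.51.100.9 text/html
"""

# Squid native log: timestamp, elapsed, client, result/status, bytes, method, url, ...
SQUID_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def host_of(method, url):
    """CONNECT lines carry host:port rather than a URL, so handle them separately."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def find_hits(log_text, urls=SALITY_C2_URLS):
    """Return (client, matched_host, requested_url) for every line touching a C2 host."""
    hosts = indicator_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        m = SQUID_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently match nothing
        host = host_of(m["method"], m["url"])
        if host in hosts:
            hits.append((m["client"], host, m["url"]))
    return hits


if __name__ == "__main__":
    for client, host, url in find_hits(SAMPLE_LOG):
        print(f"{client} -> {host}  ({url})")
```

Run against a real proxy export the same way; the three constructed hits (two clients, three distinct indicator hosts) show that the CONNECT form and the raw-IP indicator are both covered, while the `kukutrustnet777.info.example.net` lookalike is left alone.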
Targets
-
-
Target
1049f8311001cfdc83ca722186ae6a84_JaffaCakes118
-
Size
864KB
-
MD5
1049f8311001cfdc83ca722186ae6a84
-
SHA1
d85d068daa6ff32f7f9c2c3643dd483390fee074
-
SHA256
0ef1f91d77fbe3293cf787f038514ce7d555f82cc2d0a2d44cacd238b0630129
-
SHA512
79cdbfc5070866ec4f5d075c008ae83b920e0c34f651306e0b4fbca35af90992bf2e075429186c57f9683a35ad1274d3bc254652ae1303000929de09e4a9c002
-
SSDEEP
12288:7pF60cAOC5lk48FGg2aPSpyOShhVN/06VNeXZiUttPK24OlzetggBd:7pFUCk4ALx/06OiUttPf4CzUVd
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
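Two of the behaviours flagged above, the write to the Master Boot Record and the dropped autorun.inf, are the ones a responder can verify offline from a disk image or a mounted volume. The Python below is an added example, not part of the report and not describing this sample's actual MBR or autorun.inf contents (the report does not show them): it hashes the 440-byte boot-code region of a 512-byte MBR sector against a known-good baseline while confirming the partition table and 0x55AA signature are intact, and it parses an autorun.inf leniently (mixed case, junk lines, sections other than [autorun]) to pull out the directives that launch a program. The MBR sectors and the autorun.inf text are constructed for the demo.

```python
"""Offline triage for MBR boot-code modification and autorun.inf launch directives."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 are boot code; 440..445 disk signature/padding
BOOT_SIG = b"\x55\xaa"       # bytes 510..511
PART_TABLE_OFF = 446         # four 16-byte partition entries


def mbr_summary(sector: bytes) -> dict:
    """Decode the parts of an MBR a bootkit check cares about."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 = empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def mbr_boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code differs from the baseline taken from a known-good image."""
    return mbr_summary(sector)["boot_code_sha256"] != baseline_sha256


def build_mbr(boot_code: bytes, ptype=0x07, lba_start=2048, sectors=409600) -> bytes:
    """Construct a synthetic MBR for the demo (not a real disk image)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_start, sectors)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


# Constructed sectors: same partition table, different boot code (the bootkit pattern).
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
INFECTED_MBR = build_mbr(b"\xeb\x3c\x90\x00\x00\x00")
CLEAN_BASELINE = mbr_summary(CLEAN_MBR)["boot_code_sha256"]


def parse_autorun(text: str) -> dict:
    """Lenient autorun.inf parser: keep only [autorun] keys, lower-cased, ignore junk lines."""
    directives, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives[key.strip().lower()] = value.strip()
    return directives


def autorun_launch_targets(text: str) -> dict:
    """Directives that cause a program to run: open=, shellexecute=, shell\\<verb>\\command=."""
    return {k: v for k, v in parse_autorun(text).items()
            if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command"))}


# Constructed autorun.inf with junk and a decoy section; not this sample's file.
SAMPLE_AUTORUN = r"""
;;;garbage~~~
[AuToRuN]
jUnK=noise
OPEN=data\run.exe
shell\open\Command=data\run.exe /s
Icon=%SystemRoot%\system32\shell32.dll,4
[other]
open=ignored.exe
"""


if __name__ == "__main__":
    print("boot code changed:", mbr_boot_code_changed(INFECTED_MBR, CLEAN_BASELINE))
    print("launch targets:", autorun_launch_targets(SAMPLE_AUTORUN))
```

On a real case, read the first 512 bytes of the physical disk (or of the image) into `mbr_summary`, and take `CLEAN_BASELINE` from a trusted image of the same build: a changed boot-code hash with an unchanged partition table is the signature of boot code having been replaced in place, which is the pattern the "Writes to the Master Boot Record" behaviour points at. Any launch directive returned for an autorun.inf found in a removable volume's root is worth pulling the referenced file for.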
-
MITRE ATT&CK Enterprise v15 (number in parentheses = signatures matched per technique)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)
- Pre-OS Boot (1)
  - Bootkit (1)