General
Target: 1076baa33803a6560aeb4e0fcdde8a27_JaffaCakes118
Size: 100KB
Sample: 240626-c8r9vszfpd
MD5: 1076baa33803a6560aeb4e0fcdde8a27
SHA1: 03dd9093723ae117ca2a9bc14a11659517d827f8
SHA256: 61b3ad4f23e885eacfa15332f61dabcc871f5b6ba599419b1c1a387149b164a6
SHA512: 4a2829e6e640be3de8beb85fe7815bde791af9ed461a3706c342e5df355bb077606b20560eb612a9e0e25502cea314de527a531b5f6ec621b6b72db8702844fa
SSDEEP: 1536:0mFpIp0DEOMUB+l4khmSRxPFP5K8OlQTXtZCRWP:04ap0DEaBQ4WmSRxtPUlyL+
Static task: static1
Behavioral task: behavioral1
Sample: 1076baa33803a6560aeb4e0fcdde8a27_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted family: sality
Targets
Target: 1076baa33803a6560aeb4e0fcdde8a27_JaffaCakes118
Size: 100KB
Modifies firewall policy service
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Create or Modify System Process (1): Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
Modify Registry (5)