General
-
Target
105bb87c899390ac3d8055d9ee43a1fd_JaffaCakes118
-
Size
756KB
-
Sample
240626-chkr4a1dnr
-
MD5
105bb87c899390ac3d8055d9ee43a1fd
-
SHA1
2c3aa4e14a0e15f17133f2180b22c98faea9c10b
-
SHA256
f282c8828b0ce59eadc5b165397be2dcb2706cec5d61d57c1e97730d0be8e6f9
-
SHA512
30216dd53f45824e6ed4872d558bb6f9c179a66c05d2af34a085a76e6f99fa82cf1ed2fa83103bcf82d4dca5aeb226fc0db8adfd0281c4aa6bef59c36b69bc5f
-
SSDEEP
12288:R0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+EKg55vZuYtx:uCwsdPJyC29xBZuYH
Static task
static1
Behavioral task
behavioral1
Sample
105bb87c899390ac3d8055d9ee43a1fd_JaffaCakes118.dll
Resource
win7-20240220-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
105bb87c899390ac3d8055d9ee43a1fd_JaffaCakes118
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)