General
Target: 10791e3a7abd4eb967784eed19f13312_JaffaCakes118
Size: 100KB
Sample: 240626-dalvvszgpg
MD5: 10791e3a7abd4eb967784eed19f13312
SHA1: 2c9059ac696ab665dbca341f1e249d6161e40e5d
SHA256: 13fe316e099006ffaab342fd69640c52c7336c66c5b7d0704d87a0da0f66e623
SHA512: 9f7dcb7c30ca4643ee098df6d41a2098c2c88f1f9063a0823b1ea565c85f10029aa1c8ce858b6be9d5784fbec1b79c112d6568deabb177e73d2961d709078bf0
SSDEEP: 3072:jHDzEqyRrIvBUagIVAXW2D6BrfIX0hAFql:bDz5yR8ZqIVJXhihq
Static task: static1
Behavioral task: behavioral1
Sample: 10791e3a7abd4eb967784eed19f13312_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: 10791e3a7abd4eb967784eed19f13312_JaffaCakes118
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)