General
Target: 107f9fc8607bce1774c10b2bb48c0fd0_JaffaCakes118
Size: 141KB
Sample: 240626-dfnxeatdqn
MD5: 107f9fc8607bce1774c10b2bb48c0fd0
SHA1: f923b376e5a2d7379d33984e0077d36f78aa5bb8
SHA256: c549036b52f40abe7a5c8dc1493428dab6cb822e65db8227ec7750bcbeaf48af
SHA512: 160bccc658d4d29e6bd613d72c086d11b1b0cb0d4c52c0d454a86ec9a2f26dd011d660913702e1bd3863fa53b728729e8ae26412dcabe4fd3e2d564d7f7c0f0f
SSDEEP: 3072:ohwtH7LX/mY/ZGp+nukDJlwK8RQYsCWcxuSem:oWH7LX/mYUk/DJe3RgCWcxuU
Static task: static1
Behavioral task: behavioral1
Sample: 107f9fc8607bce1774c10b2bb48c0fd0_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Extracted
sality
Targets
Target: 107f9fc8607bce1774c10b2bb48c0fd0_JaffaCakes118
Modifies firewall policy service
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (4)
Disable or Modify System Firewall (1)
Disable or Modify Tools (3)
Modify Registry (5)