General
Target
11385575a8fc76f49e0d2406e7fdd9b2_JaffaCakes118
Size
166KB
Sample
240626-jhysaatalg
MD5
11385575a8fc76f49e0d2406e7fdd9b2
SHA1
30a4c6fcf4fd402376948e19c8d2c172edbc340d
SHA256
860f8c054372453165b5659a62fc63989fc041af94793fc6d99d93734dd75e0f
SHA512
723251389ed60fc03589488dfdd977a6265d3a23e0cd3a25ee3dd22a77fd543556c59689c95a0ac039964471276794690780de0acb644df24d1715fafdfe7055
SSDEEP
3072:12vTIyAjtVTNaPAm51VEa8vSozdVNfbEVBpAlqbCRZEILyhtoNmBn:+I1jPTNQ/Vl6Soz3lQlAlRZCht5n
Behavioral task
behavioral1
Sample
11385575a8fc76f49e0d2406e7fdd9b2_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target
11385575a8fc76f49e0d2406e7fdd9b2_JaffaCakes118
Modifies WinLogon for persistence
Modifies firewall policy service
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
Create or Modify System Process (1): Windows Service (1)