General
Target: 18af26822f21d19782242b21e0aadcdd_JaffaCakes118
Size: 7.2MB
Sample: 240628-efnr3ssemk
MD5: 18af26822f21d19782242b21e0aadcdd
SHA1: 5a5e84543baeaebcdbabde9463b43b816e1c20fe
SHA256: 41f72707048b9b7a1caeec4a64c3084205cfb26a978a80728d468024ae1376d1
SHA512: d22527dc62be51df4d48ca7a6b125e77aacac91cdf089a3afccf53e99be6607ed62a0051010e9985db298ad5396ba04f9d88000cc532daf8cc1ec50f495cc36f
SSDEEP: 3072:qTU1huh7rnHmR38OC8GUrKjYBrh64tHxEAtKzk87zML1cK1THYPixi6CZseaiMWS:q34RMAGYx04tRlGpK5HYPixi6Cw1h
Static task: static1
Behavioral task: behavioral1
  Sample: SAINTS ROW THE THIRD-SKIDROW CRACK ONLY SKIDROW MP CRACK UPDATE.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SAINTS ROW THE THIRD-SKIDROW CRACK ONLY SKIDROW MP CRACK UPDATE.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: SAINTS ROW THE THIRD-SKIDROW CRACK ONLY SKIDROW MP CRACK UPDATE.exe
Size: 7.2MB
MD5: 5da6c944172278a18797668b65d94938
SHA1: 1187141fee10608002587e58ffd65e17d5ad632b
SHA256: 3f0740f50ff9aa4fe2df75c75e1a29d158c3dbd83bfe0c230d3a609bc8e633e6
SHA512: e3460815930f3643d9b72890ebf5336408abdd24dc6f24c152ba9f9b639fd4532182cf2844fce891b76e49d6c9d4692363adee33ab58e9bada8ad0ea1ed84020
SSDEEP: 3072:mTU1huh7rnHmR38OC8GUrKjYBrh64tHxEAtKzk87zML1cK1THYPixi6CZseaiMWY:m34RMAGYx04tRlGpK5HYPixi6Cw1
Score: 10/10
Modifies firewall policy service
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)