General
-
Target
2669b7bfeb1071eb4f5ab404739634c0_JaffaCakes118
-
Size
70KB
-
Sample
240704-14g54asblm
-
MD5
2669b7bfeb1071eb4f5ab404739634c0
-
SHA1
c29efb6702ce5224dad72934c679f3a48bb38b49
-
SHA256
33ee55954cdbf2d4a1cd96f5a2116a29996c77a581f3be9156343ff07651960a
-
SHA512
5739d9b01bc882fb34553fefddc388b76b376a4f91f7ca2ad0c8233b807fa0b95a70c1e57570f2b008929717d7e607dae272341bb04b57a096e23fd32a5fa27f
-
SSDEEP
1536:7gulfDOO/TdXuv6pKc/7kieW390SMThXtS:vfDOO/Txuv6jQThXg
Malware Config
Targets
-
-
Target
2669b7bfeb1071eb4f5ab404739634c0_JaffaCakes118
-
Size
70KB
-
MD5
2669b7bfeb1071eb4f5ab404739634c0
-
SHA1
c29efb6702ce5224dad72934c679f3a48bb38b49
-
SHA256
33ee55954cdbf2d4a1cd96f5a2116a29996c77a581f3be9156343ff07651960a
-
SHA512
5739d9b01bc882fb34553fefddc388b76b376a4f91f7ca2ad0c8233b807fa0b95a70c1e57570f2b008929717d7e607dae272341bb04b57a096e23fd32a5fa27f
-
SSDEEP
1536:7gulfDOO/TdXuv6pKc/7kieW390SMThXtS:vfDOO/Txuv6jQThXg
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1