General

  • Target

    36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118

  • Size

    187KB

  • Sample

    240710-zzhqdszfkk

  • MD5

    36644e0e2f9978ca12f1ac5e713d2889

  • SHA1

    29d2b9d97ce41bb68df1121cd54a2170fc2c782a

  • SHA256

    0a9be1d4052365bb249cd68e98dae1207885ea1db731248adc26ee551cbaa488

  • SHA512

    2f00d8c046cf607b581624c944362c09e55f1fe4b4ca1683cdc6da6febb1617434c6a2c373009a43b91a4d6174d10462817f3d8630e72e12f20aea5dee6415cf

  • SSDEEP

    3072:JXKgEUQ000kvZk3mT+Q3snJ/wDTPfPMoph9cI1kKy0Otgvjo4Tk0lU2GXxE9g337:5KgY0M4mTn3sJw33hF1Po4HlMxE9gHQ4

Malware Config

Targets

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                Technique                          Count  ID
    Persistence           Event Triggered Execution          1      T1546
    Persistence           Component Object Model Hijacking   1      T1546.015
    Privilege Escalation  Event Triggered Execution          1      T1546
    Privilege Escalation  Component Object Model Hijacking   1      T1546.015

Tasks