General
-
Target
3ea4252e1452dd305860829a8c586080_JaffaCakes118
-
Size
4.1MB
-
Sample
240712-ygys8azdpe
-
MD5
3ea4252e1452dd305860829a8c586080
-
SHA1
2a03733b26030e760f0fbf6a590b0e2ab5c46917
-
SHA256
ca075adcc5423be5593de955e19ecedba3b99f45887e0412865f137bfd18d555
-
SHA512
0688edb0f573550303c7772ea08b052006d7d50848fe49c422b66a1d12aa80e6515768fdbec35d420b900ee58688b554bdc364f0334b8bbd153e3755039cc05d
-
SSDEEP
98304:jTOhsfJwCcJnsgt1vdo08s2JpQpwh4Vlmfxl7K:jShKxcp99dIJpQp7LmW
Malware Config
Targets
-
-
Target
3ea4252e1452dd305860829a8c586080_JaffaCakes118
-
Size
4.1MB
-
MD5
3ea4252e1452dd305860829a8c586080
-
SHA1
2a03733b26030e760f0fbf6a590b0e2ab5c46917
-
SHA256
ca075adcc5423be5593de955e19ecedba3b99f45887e0412865f137bfd18d555
-
SHA512
0688edb0f573550303c7772ea08b052006d7d50848fe49c422b66a1d12aa80e6515768fdbec35d420b900ee58688b554bdc364f0334b8bbd153e3755039cc05d
-
SSDEEP
98304:jTOhsfJwCcJnsgt1vdo08s2JpQpwh4Vlmfxl7K:jShKxcp99dIJpQp7LmW
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1