General
-
Target
41f2417a047641acf1c5fa6abc75425f_JaffaCakes118
-
Size
3.6MB
-
Sample
240713-q6v5matbpl
-
MD5
41f2417a047641acf1c5fa6abc75425f
-
SHA1
77d4804e045aa54c181fb7b7ca36eb4bc140220b
-
SHA256
35343f917ca5b8ad992523af353ac610eb547076bde1e347696fb1414c42dab7
-
SHA512
9ce293a406fb05faca004dcd7e827f4156504aa970a098dc4992bdb85e2be4e53555778b3f8f6b9570e391773e3cd023c2c5667bf27e9754610a8140e2fa606e
-
SSDEEP
49152:kTw99ur0vQxpFYMOUJ0/axErfys6KOFXraawsVggOEU8KRctyOhcyhJFpw:mWDvQ9ROUiyDHUawsVggOEUbRxscyv
Malware Config
Targets
-
-
Target
41f2417a047641acf1c5fa6abc75425f_JaffaCakes118
-
Size
3.6MB
-
MD5
41f2417a047641acf1c5fa6abc75425f
-
SHA1
77d4804e045aa54c181fb7b7ca36eb4bc140220b
-
SHA256
35343f917ca5b8ad992523af353ac610eb547076bde1e347696fb1414c42dab7
-
SHA512
9ce293a406fb05faca004dcd7e827f4156504aa970a098dc4992bdb85e2be4e53555778b3f8f6b9570e391773e3cd023c2c5667bf27e9754610a8140e2fa606e
-
SSDEEP
49152:kTw99ur0vQxpFYMOUJ0/axErfys6KOFXraawsVggOEU8KRctyOhcyhJFpw:mWDvQ9ROUiyDHUawsVggOEUbRxscyv
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1