General
-
Target
475057d7e3b99fc8ea9f0b9638e44bec_JaffaCakes118
-
Size
3.2MB
-
Sample
240714-3t56aa1anc
-
MD5
475057d7e3b99fc8ea9f0b9638e44bec
-
SHA1
c848df80e796c792d375a2dc0244b5fec9978b0f
-
SHA256
b272d11b1b95a1fcc7791488eb46b7a264b96bfcbd0b6aad7d6f719d970358ac
-
SHA512
2769d84c45c5d34197e5d50995205000187f9ad10446da44783a0bac67dfac77bec8e6c330cc41b775001744889d00b984774326fda3e77a99178d6006f9a974
-
SSDEEP
49152:sSMDFkGASmdmDUpDMlQGymxa3dbeTuinBuR2+kksLf91Es1yxFfVkwO2rytjKaHa:sSMDZAnQplQYxgnFnkH/XuUtOsau7
Malware Config
Targets
-
-
Target
475057d7e3b99fc8ea9f0b9638e44bec_JaffaCakes118
-
Size
3.2MB
-
MD5
475057d7e3b99fc8ea9f0b9638e44bec
-
SHA1
c848df80e796c792d375a2dc0244b5fec9978b0f
-
SHA256
b272d11b1b95a1fcc7791488eb46b7a264b96bfcbd0b6aad7d6f719d970358ac
-
SHA512
2769d84c45c5d34197e5d50995205000187f9ad10446da44783a0bac67dfac77bec8e6c330cc41b775001744889d00b984774326fda3e77a99178d6006f9a974
-
SSDEEP
49152:sSMDFkGASmdmDUpDMlQGymxa3dbeTuinBuR2+kksLf91Es1yxFfVkwO2rytjKaHa:sSMDZAnQplQYxgnFnkH/XuUtOsau7
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1