General
-
Target
62601be46af4e1d8d54886eed720bc02_JaffaCakes118
-
Size
1.8MB
-
Sample
240722-jqsagawdrh
-
MD5
62601be46af4e1d8d54886eed720bc02
-
SHA1
140b3ded92999d3a066d046819165d14ae8c6f06
-
SHA256
ff133b634efa3defb049bea0f697f8ad1349b9ea746f9c8ff8d4cb4007c88cf3
-
SHA512
b82aafaf4f29495fd4c30ed5d759ca2e1cce7c065bda5604547a9e10e0a7b4be81f5fc5c3c2310b334382cc0ad322610e462ee9fa343b7fe04a058add4aaf928
-
SSDEEP
49152:eXVkTlpKYUGDL1QpLhPR95F3t/FGb7eINrhse2bxaS:eXValpKYtnmdPRXjFGH/Nrk1f
Static task
static1
Behavioral task
behavioral1
Sample
62601be46af4e1d8d54886eed720bc02_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
62601be46af4e1d8d54886eed720bc02_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
62601be46af4e1d8d54886eed720bc02_JaffaCakes118
-
Modifies Windows Firewall
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (2)
Windows Service (2)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (2)
Windows Service (2)
Event Triggered Execution (1)
Netsh Helper DLL (1)