General
-
Target
71c6c18a7143cd13e7c785f8631b8e17_JaffaCakes118
-
Size
420KB
-
Sample
240725-3yb31atakp
-
MD5
71c6c18a7143cd13e7c785f8631b8e17
-
SHA1
a7934c73b0d2bebc2479e7bb42309863b4a0b80f
-
SHA256
a96ae1dd912fc866007706b3f4f94491fb11397de5bf2a917da1412d00abf3c0
-
SHA512
0f0c9757aae8819c45f1321ab9a7f197c56a787407ac2b6928ed8bde585eb2639ed5ce4ad94799a2a1bb633bf1c9bbaa97302703c23d628891d7c22323012d06
-
SSDEEP
12288:zwNoQNPKmi5sfUU51pXaFMj1zl/lMxo/lo7CcZGe:cHNPKqfd/lRNcZ3
Static task
static1
Behavioral task
behavioral1
Sample
71c6c18a7143cd13e7c785f8631b8e17_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
71c6c18a7143cd13e7c785f8631b8e17_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
71c6c18a7143cd13e7c785f8631b8e17_JaffaCakes118
Score
10/10
-
Modifies firewall policy service
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1