General
-
Target
8bf20bfc18d0eccfafa105cb9c0ab826_JaffaCakes118
-
Size
511KB
-
Sample
240811-zrwmaasbkc
-
MD5
8bf20bfc18d0eccfafa105cb9c0ab826
-
SHA1
9aff38f20566374adae457bf76822ebac88f1dd2
-
SHA256
323fff89eace9d8c40d8f66893e617309ee21f2ab75cfae5f5b3cc795d4110e7
-
SHA512
a0539fa07789875d4c2afc31e7d83c317d0c3d32de79c73647e17376bf664cba425975df97640fbe722566284b9371da29e8d6998eb97f93e1a1253b9d7f56e2
-
SSDEEP
12288:o3W85Eau61btezvs6VT4wl5TMnAjqhyrDLWPzB:GI61btWz9puQWB
Malware Config
Targets
-
-
Target
8bf20bfc18d0eccfafa105cb9c0ab826_JaffaCakes118
-
Size
511KB
-
MD5
8bf20bfc18d0eccfafa105cb9c0ab826
-
SHA1
9aff38f20566374adae457bf76822ebac88f1dd2
-
SHA256
323fff89eace9d8c40d8f66893e617309ee21f2ab75cfae5f5b3cc795d4110e7
-
SHA512
a0539fa07789875d4c2afc31e7d83c317d0c3d32de79c73647e17376bf664cba425975df97640fbe722566284b9371da29e8d6998eb97f93e1a1253b9d7f56e2
-
SSDEEP
12288:o3W85Eau61btezvs6VT4wl5TMnAjqhyrDLWPzB:GI61btWz9puQWB
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1