General
-
Target
8e2121c0a56cfd9547dd862b2d1394b9_JaffaCakes118
-
Size
392KB
-
Sample
240812-kzvmmatgnn
-
MD5
8e2121c0a56cfd9547dd862b2d1394b9
-
SHA1
adf30bb08bc23d5d6e882bd26b29a5c0fb130d0b
-
SHA256
6904ef7f7268469f4e3a183eceaef429cb7d17ac0157aa72ccf33789ded2dc19
-
SHA512
d8ffc0e073c089c17562c323c6b2a1d1e3e064d0e1476c25d1d73ac1247eaa29960754403901582e428a0920735df0c499aacdac6a9d79a00c90da2b9e5eaad0
-
SSDEEP
6144:Lb10YeUbXiDzvAwPVukXJMIj/1YTYK89XsbbuxZAN2y8QwgFRAE4wXk3P8C5i:X1nemiDMwxT6TYK0bs2yFw+RNRXk/P5i
Malware Config
Targets
-
-
Target
8e2121c0a56cfd9547dd862b2d1394b9_JaffaCakes118
-
Size
392KB
-
MD5
8e2121c0a56cfd9547dd862b2d1394b9
-
SHA1
adf30bb08bc23d5d6e882bd26b29a5c0fb130d0b
-
SHA256
6904ef7f7268469f4e3a183eceaef429cb7d17ac0157aa72ccf33789ded2dc19
-
SHA512
d8ffc0e073c089c17562c323c6b2a1d1e3e064d0e1476c25d1d73ac1247eaa29960754403901582e428a0920735df0c499aacdac6a9d79a00c90da2b9e5eaad0
-
SSDEEP
6144:Lb10YeUbXiDzvAwPVukXJMIj/1YTYK89XsbbuxZAN2y8QwgFRAE4wXk3P8C5i:X1nemiDMwxT6TYK0bs2yFw+RNRXk/P5i
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1