General

Target: 9a7aa5fa464caf285e446b2a1106aa7c_JaffaCakes118
Size: 775KB
Sample: 240815-sbce5sxelb
MD5: 9a7aa5fa464caf285e446b2a1106aa7c
SHA1: b2916e64d226fe5fb59517cf6bf82d135f34bfe1
SHA256: fb0f3e1ef821321f65e80f723df25219420c3de43afe3c7648b180b95b8572c0
SHA512: 1ce6c588c537e2cca4358a69e8f00a2e07bd76f6e49dbb8b2f75a726645fb17fa9eea3a2ec6378214af6af2d52b43d62b719963a618022cc830b6cda859e7a5a
SSDEEP: 24576:j8vpUxEfCEWTh5YfB9ElFmKfydKMzX5CHwhb2v:j8BEEqE8hG0mKKdjMQ8v
Static task: static1
Behavioral task: behavioral1
Sample: 9a7aa5fa464caf285e446b2a1106aa7c_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config

Extracted: sality
C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/

Extracted: darkcomet
Campaign ID: Guest16
C2: mikikee101.no-ip.biz:1604
Mutex: DC_MUTEX-9Z0XS1J
gencode: X5EiMd4aymlG
install: false
offline_keylogger: true
persistence: false
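The two extracted configs above are the actionable part of this report: six Sality C2 URLs, a DarkComet C2 host and port, and the mutex the DarkComet build registers. Note that install and persistence are both false for the DarkComet config, so the usual registry run-key and dropped-copy artifacts may not be present on an infected host; the mutex and the network indicators are the reliable pivots. The C2 name is under no-ip.biz, a dynamic DNS service, so hunt on the hostname and port rather than on whatever IP it resolved to at analysis time. The script below is an added example and not part of the sandbox report: it turns the report's config into a small hunt set and runs it over constructed DNS, HTTP, connection and mutex events. The generic `DC_MUTEX-` plus seven alphanumerics pattern is an assumption about the DarkComet builder's default mutex naming, not something the report states.

```python
"""Hunt for the Sality / DarkComet indicators from the sandbox report.

Added example, not part of the report. IOC values come from the report's
Malware Config section; the telemetry events below are constructed.
"""
import re
from urllib.parse import urlparse

# Sality C2 URLs as listed in the report.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# DarkComet config as listed in the report.
DARKCOMET = {
    "campaign_id": "Guest16",
    "c2": "mikikee101.no-ip.biz:1604",
    "mutex": "DC_MUTEX-9Z0XS1J",
    "gencode": "X5EiMd4aymlG",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}

# Assumption: DarkComet builds name their mutex "DC_MUTEX-" + 7 alphanumerics.
# The report's mutex fits this; other builds of the same family should too.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def build_iocs():
    """Map every host, URL and mutex from the report to its malware family."""
    hosts = {}
    for url in SALITY_URLS:
        hosts[_strip_www(urlparse(url).hostname)] = "sality"
    c2_host, c2_port = DARKCOMET["c2"].rsplit(":", 1)
    hosts[c2_host] = "darkcomet"
    return {
        "hosts": hosts,
        "urls": {u.rstrip("/"): "sality" for u in SALITY_URLS},
        "c2": (c2_host, int(c2_port)),
        "mutex": DARKCOMET["mutex"],
    }


def _host_family(name, hosts):
    """Return the family owning `name` (exact host or a subdomain of it)."""
    name = _strip_www(name.lower().rstrip("."))
    for host, family in hosts.items():
        if name == host or name.endswith("." + host):
            return family
    return None


def classify(event, iocs):
    """Return a verdict string for one telemetry event, or None if clean."""
    kind = event["type"]
    if kind == "dns":
        fam = _host_family(event["query"], iocs["hosts"])
        return f"{fam}: DNS lookup of C2 host" if fam else None
    if kind == "http":
        if event["url"].rstrip("/") in iocs["urls"]:
            return "sality: exact C2 URL fetch"
        fam = _host_family(urlparse(event["url"]).hostname or "", iocs["hosts"])
        return f"{fam}: HTTP to C2 host" if fam else None
    if kind == "net":
        host, port = iocs["c2"]
        if _host_family(event["dst"], {host: "darkcomet"}) and event["port"] == port:
            return "darkcomet: connection to configured C2 host:port"
        return None
    if kind == "mutex":
        if event["name"] == iocs["mutex"]:
            return "darkcomet: mutex of this exact build"
        if DC_MUTEX_RE.match(event["name"]):
            return "darkcomet: mutex matches builder naming pattern"
        return None
    return None


def hunt(events, iocs=None):
    """Return [(event index, verdict)] for every event that hits an IOC."""
    iocs = iocs or build_iocs()
    return [(i, v) for i, ev in enumerate(events) if (v := classify(ev, iocs))]


# Constructed telemetry: two benign events mixed in with hits on each IOC type.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "kukutrustnet777.info"},
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "http", "url": "http://89.119.67.154/testo5/"},
    {"type": "net", "dst": "mikikee101.no-ip.biz", "port": 1604},
    {"type": "mutex", "name": "DC_MUTEX-9Z0XS1J"},
    {"type": "mutex", "name": "DC_MUTEX-ABC1234"},
    {"type": "mutex", "name": "Global\\SomeBenignMutex"},
]

if __name__ == "__main__":
    for idx, verdict in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {verdict}")
```

The generic mutex pattern is deliberately reported separately from the exact-build hit so an analyst can tell "this sample" from "another DarkComet build" when triaging; the Sality hosts are matched on registered name and any subdomain because the report lists both a bare domain and a `www.` form.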
Targets

Target: 9a7aa5fa464caf285e446b2a1106aa7c_JaffaCakes118
Size: 775KB
Signatures:
- Modifies firewall policy service
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (number of matched signatures in parentheses)

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)

Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)