General
-
Target
a7d8e021c159a3156f32c88dfec95566_JaffaCakes118
-
Size
184KB
-
Sample
240818-xqc3fasdnl
-
MD5
a7d8e021c159a3156f32c88dfec95566
-
SHA1
cac85a1417d0c46fba649efa47ff1075188fb9c8
-
SHA256
e3fe9053835cbed3bcde73b1d8a6d31ae9cf214348d3aff503c52db48f40ef4c
-
SHA512
3a6e7a2feb32bc115e6a074fde1299b5a25b0c01bccd6172f9942805224bd8dcdd714d51201663861d8a961447a273d130ea83eaec3b27ccd8a05afc39372ce9
-
SSDEEP
3072:c5G3wN0UE6LN1P0yEx3Q5AcpK/lUXSwyR7gNmmAMyFnvqcauO1uKSw4n:+GVUTN1jEOFKdUXSw+7YOnhM1uf7
Malware Config
Targets
-
-
Target
a7d8e021c159a3156f32c88dfec95566_JaffaCakes118
-
Size
184KB
-
MD5
a7d8e021c159a3156f32c88dfec95566
-
SHA1
cac85a1417d0c46fba649efa47ff1075188fb9c8
-
SHA256
e3fe9053835cbed3bcde73b1d8a6d31ae9cf214348d3aff503c52db48f40ef4c
-
SHA512
3a6e7a2feb32bc115e6a074fde1299b5a25b0c01bccd6172f9942805224bd8dcdd714d51201663861d8a961447a273d130ea83eaec3b27ccd8a05afc39372ce9
-
SSDEEP
3072:c5G3wN0UE6LN1P0yEx3Q5AcpK/lUXSwyR7gNmmAMyFnvqcauO1uKSw4n:+GVUTN1jEOFKdUXSw+7YOnhM1uf7
Score10/10-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1