General
-
Target
b240ba9b588b5621d2327de5e21a6e6e_JaffaCakes118
-
Size
48KB
-
Sample
240821-f49j5asalh
-
MD5
b240ba9b588b5621d2327de5e21a6e6e
-
SHA1
1fbdc829631d5f3e05dececb645af5da01edc979
-
SHA256
e6354b55a83e8c9297d552158731c2a2d9cf2aa67eeb0f7d2f8d52c0a26b9dd9
-
SHA512
88a472cf4c25102d598e1e189cdfb05dbbece01ea5f198e0a34ead30f79f8fc491b3b3a81424411111e8d86e1369a2bf8c5187f0ce2f73ebd14b96e7ec42e2e8
-
SSDEEP
768:zYQ5YVatxL2SgMstN4/OBpORJZ4rOnMs:zYQ5VO4/OBpOwO
Malware Config
Targets
-
-
Target
b240ba9b588b5621d2327de5e21a6e6e_JaffaCakes118
-
Size
48KB
-
MD5
b240ba9b588b5621d2327de5e21a6e6e
-
SHA1
1fbdc829631d5f3e05dececb645af5da01edc979
-
SHA256
e6354b55a83e8c9297d552158731c2a2d9cf2aa67eeb0f7d2f8d52c0a26b9dd9
-
SHA512
88a472cf4c25102d598e1e189cdfb05dbbece01ea5f198e0a34ead30f79f8fc491b3b3a81424411111e8d86e1369a2bf8c5187f0ce2f73ebd14b96e7ec42e2e8
-
SSDEEP
768:zYQ5YVatxL2SgMstN4/OBpORJZ4rOnMs:zYQ5VO4/OBpOwO
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2