General
Target: bf01fb2c775058f7efcd13cc0a5fba71_JaffaCakes118
Size: 516KB
Sample: 240824-t4elmsyhlb
MD5: bf01fb2c775058f7efcd13cc0a5fba71
SHA1: 56bdeec86c03c208278fd01760853d5b5df2212d
SHA256: 31f379b712496761d524d83a73ec2d8dd86f49a7f941fe8b716a25287431d764
SHA512: a59f1ea5dd1dead4d54fa79d15aaf7dcc4e286f1a04ab34b06d905067b8c22cc1e1857d414ce36ab2708bbba44dc4fd11bb754febb46141cc69c9e7f8d175bc2
SSDEEP: 12288:3H7aBH9ZL2dOrdN2vWy0hsJBpRIUbGilG9rE6deGOcEq9c:MCdOrdDzhsJBXLbGCydeGOY
Static task: static1
Behavioral task: behavioral1
Sample: bf01fb2c775058f7efcd13cc0a5fba71_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: bf01fb2c775058f7efcd13cc0a5fba71_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: bf01fb2c775058f7efcd13cc0a5fba71_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Adds policy Run key to start application
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Create or Modify System Process: 1
Windows Service: 1