General
-
Target
c953222f86f5148c82825b3f4d948977_JaffaCakes118
-
Size
3.5MB
-
Sample
240829-whxw7swamk
-
MD5
c953222f86f5148c82825b3f4d948977
-
SHA1
dce82a6b2bd843eea0abeb4ef83ba8fc8c5db608
-
SHA256
f511e3a06796a1e2fd43ef59808dc03609b0e38c616ed563536e8d3a95c20c02
-
SHA512
c077935401fbeb3afe3564beddee8be9b3ef61c7caae4ceb778c5f2cf71edecf38caec480390f19cea7a8751b29783ff73a242e4838e8da61420fc996150e5c8
-
SSDEEP
98304:zbyTascPJTCDjHhwshkU2tkfCYF3szta67p:zWaHJGXctq12a67
Malware Config
Targets
-
-
Target
c953222f86f5148c82825b3f4d948977_JaffaCakes118
-
Size
3.5MB
-
MD5
c953222f86f5148c82825b3f4d948977
-
SHA1
dce82a6b2bd843eea0abeb4ef83ba8fc8c5db608
-
SHA256
f511e3a06796a1e2fd43ef59808dc03609b0e38c616ed563536e8d3a95c20c02
-
SHA512
c077935401fbeb3afe3564beddee8be9b3ef61c7caae4ceb778c5f2cf71edecf38caec480390f19cea7a8751b29783ff73a242e4838e8da61420fc996150e5c8
-
SSDEEP
98304:zbyTascPJTCDjHhwshkU2tkfCYF3szta67p:zWaHJGXctq12a67
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1