General
-
Target
db1fae1a3b341a5557f7fcc189960b87_JaffaCakes118
-
Size
384KB
-
Sample
240911-yrkz4szhng
-
MD5
db1fae1a3b341a5557f7fcc189960b87
-
SHA1
350a052ba38efb76e73f6ce7da7f057b2c185e95
-
SHA256
bd364a7a42143bfebd0c1f80bc6e0c69e253bcd05f96eee1c59cb982c7773bc2
-
SHA512
9e039171d84e1a25c20fe6328ee76509bc2054ae4bfed0380b5fe16af5b29f23149aab160d25135a256d53814580cb79893dca05ebd9027b16dffaaace2df423
-
SSDEEP
6144:UZfec9EbXDk6Rk8KWnmy+g46nmy+g4oE2E4:UZWtI6RkgV64
Malware Config
Targets
-
-
Target
db1fae1a3b341a5557f7fcc189960b87_JaffaCakes118
-
Size
384KB
-
MD5
db1fae1a3b341a5557f7fcc189960b87
-
SHA1
350a052ba38efb76e73f6ce7da7f057b2c185e95
-
SHA256
bd364a7a42143bfebd0c1f80bc6e0c69e253bcd05f96eee1c59cb982c7773bc2
-
SHA512
9e039171d84e1a25c20fe6328ee76509bc2054ae4bfed0380b5fe16af5b29f23149aab160d25135a256d53814580cb79893dca05ebd9027b16dffaaace2df423
-
SSDEEP
6144:UZfec9EbXDk6Rk8KWnmy+g46nmy+g4oE2E4:UZWtI6RkgV64
Score10/10-
Disables service(s)
-
Modifies visibility of file extensions in Explorer
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Network Share Discovery
Attempt to gather information on host network.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Indicator Removal
1File Deletion
1Modify Registry
1