General
Target: eac961fb615a513bc979e5d0b3590e82_JaffaCakes118
Size: 96KB
Sample: 240919-hjv74swama
MD5: eac961fb615a513bc979e5d0b3590e82
SHA1: 489f80795aaf0636cf8df8a37adc0bec48f103e2
SHA256: 11af12f9e03d2d3fd1e820d7fc5feaa83fd2664c9ce444f40c1104ad5780fdb5
SHA512: 9aca2dff01aa185c78cab0e69a86b7cc8dde06234b6e1786256f7b410b694cb228fe3a88ceb6240a61c552e87ba219d9fb38c24ece9cf43785bd6d09c2d33995
SSDEEP: 1536:zPEacX8U87kkYKOtwFW1BizrqZRGFaYSnLkZYsYAOhk8I8m4vsQphPiasgd5P9kC:7csU8rO+OZY+nAZYsVOhk8IYvPsgd5Pd
Static task: static1
Behavioral task: behavioral1
Sample: eac961fb615a513bc979e5d0b3590e82_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 2
    Disable or Modify System Firewall: 1
    Disable or Modify Tools: 1
  Modify Registry: 4