General
-
Target
ed31bb85f6170a70393deb78b3d904c3_JaffaCakes118
-
Size
78KB
-
Sample
240920-j9tyeaxejn
-
MD5
ed31bb85f6170a70393deb78b3d904c3
-
SHA1
6d17ff5ab6178f2b47074bc2b563bfa08bb992ce
-
SHA256
5375eec1935bf551748def474fa2d933f8cb0651200adf3babe89c47da8ee57e
-
SHA512
2c8485f9837fe5126bf000c9e462459c7e4fa8c1eceaa926528a501cd76f57e44bbdb7bd302b48c56da98d11776c8a086074bd451e80f808792a34fb17ebadfd
-
SSDEEP
1536:8Fa5WBIAXkzOt9FnWZLrrRQFmhWPONL8VA2wZSM7e:8s5ta9F2MiL8VA28S3
Malware Config
Targets
-
-
Target
ed31bb85f6170a70393deb78b3d904c3_JaffaCakes118
-
Size
78KB
-
MD5
ed31bb85f6170a70393deb78b3d904c3
-
SHA1
6d17ff5ab6178f2b47074bc2b563bfa08bb992ce
-
SHA256
5375eec1935bf551748def474fa2d933f8cb0651200adf3babe89c47da8ee57e
-
SHA512
2c8485f9837fe5126bf000c9e462459c7e4fa8c1eceaa926528a501cd76f57e44bbdb7bd302b48c56da98d11776c8a086074bd451e80f808792a34fb17ebadfd
-
SSDEEP
1536:8Fa5WBIAXkzOt9FnWZLrrRQFmhWPONL8VA2wZSM7e:8s5ta9F2MiL8VA28S3
Score10/10-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1