General

Target: ed64c83d920aae6bfb311ad28c94e839_JaffaCakes118
Size: 123KB
Sample: 240920-mhbjja1gpe
MD5: ed64c83d920aae6bfb311ad28c94e839
SHA1: 8ea4768933b96229e1610f411f26916d415e561a
SHA256: 3e719b53b1e1cad35537414f17c9dcd70878f6bacbb3c9ec8147769480128c59
SHA512: b359fba54e38085fdaccab6e686f6333bb939680416fef6a2c4d289bbe5ae4e397165ba333cac5f1a697d48d99be1eb630b0102438ffd8be7c323218c00431f6
SSDEEP: 3072:e3g4tS/us6eh5LQel+prnMrVFqd8DJemcVf:e7EWGFQelUMZIahQf
Static task: static1

Behavioral task: behavioral1
Sample: Picture23.JPG_www.facebook.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: Picture23.JPG_www.facebook.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: Picture23.JPG_www.facebook.com
Size: 151KB
MD5: 55524c404df74bb9b250be700fb259dd
SHA1: b06e764e2d6f4566cd50508c795e86385646acb8
SHA256: c375eaf269790ff3153b14c148051097d9b0128804b7c1f99204474016a108ee
SHA512: eef9811d6d885e14731a5f49df1dfe82c3fae64333b517d52e132517f8cfd8115a9486634ba9d1d0edf8ceec478fcbfcc8efa59d58e6747e7c3b0983198be76f
SSDEEP: 3072:+3cvK6bs0J34gdnhPNel+prBMrVFqd8DJPaFNBT:+3SKqUgBNelcMZIaUB
Score: 10/10

- Modifies firewall policy service
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Netsh Helper DLL (1)