General
-
Target
edcf739638e14c835cc3cc8f98bcb5eb_JaffaCakes118
-
Size
527KB
-
Sample
240920-r1tv2s1gkg
-
MD5
edcf739638e14c835cc3cc8f98bcb5eb
-
SHA1
5c79c0b66cffb2a180aea8da240351abd4124e53
-
SHA256
b22ccc08a58cbeb4693898398e9f01d43c95183bc9707c6846dfba03fed587cf
-
SHA512
bf22589ab2ca3bec861c21c1e3484e2b817baae0875f47b034723dcb9b9d1aa1382ab9e6dd82b64cd3f5893b03841d3f6b3bd727594fd61b278939f8d5be6256
-
SSDEEP
12288:VZGkGJ5fwvLQhMwOVLIFo1oLSWEckKBj11Vu3Vut:VZGDJ5kLQV6cyuSWc4NaVY
Malware Config
Targets
-
-
Target
edcf739638e14c835cc3cc8f98bcb5eb_JaffaCakes118
-
Size
527KB
-
MD5
edcf739638e14c835cc3cc8f98bcb5eb
-
SHA1
5c79c0b66cffb2a180aea8da240351abd4124e53
-
SHA256
b22ccc08a58cbeb4693898398e9f01d43c95183bc9707c6846dfba03fed587cf
-
SHA512
bf22589ab2ca3bec861c21c1e3484e2b817baae0875f47b034723dcb9b9d1aa1382ab9e6dd82b64cd3f5893b03841d3f6b3bd727594fd61b278939f8d5be6256
-
SSDEEP
12288:VZGkGJ5fwvLQhMwOVLIFo1oLSWEckKBj11Vu3Vut:VZGDJ5kLQV6cyuSWc4NaVY
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1