General
Target: f6c0a3b487a8be087d45c4ed6207e607_JaffaCakes118
Size: 1.0MB
Sample: 240925-ym16javbrn
MD5: f6c0a3b487a8be087d45c4ed6207e607
SHA1: 0e14cf6033ca1d227efb5948c461168fcda34c36
SHA256: 1b2c13ce605f5e7ea6bd255f4d6810d38fdabe71e40fc90001a9df6adfc04408
SHA512: e6684653f4277a5995a4e1e5e5d09e7425b28ad768770d6ad2c3ee151b527e2023fcacdda21b3d2ac18f0841ee0d756168a8c54ee6b2cf353f39dc8c4b640612
SSDEEP: 24576:2jR2P60vkzBETlCv0p7znspnwWyPymlKhijiykTsS:2mvkzBEZIGspnwWcXkhi2FT
Static task: static1
Behavioral task: behavioral1
Sample: f6c0a3b487a8be087d45c4ed6207e607_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f6c0a3b487a8be087d45c4ed6207e607_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Modifies firewall policy service
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 2
Windows Service: 2
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 2
Windows Service: 2
Event Triggered Execution: 1
Netsh Helper DLL: 1
Defense Evasion
Impair Defenses: 2
Disable or Modify System Firewall: 2
Modify Registry: 2