General

  • Target

    0d9bccc11000309d60fff12b7e0cf84b_JaffaCakes118

  • Size

    308KB

  • Sample

    241003-dkmj5s1flq

  • MD5

    0d9bccc11000309d60fff12b7e0cf84b

  • SHA1

    702e71578d723fb32aeed3946475ce96e2ddbf21

  • SHA256

    e23bf3a7902b30451a1edaf7089f6d09cb396a0c0e9234167990ffd36610ddcb

  • SHA512

    56f7b479b43d6df576f904c81122d16b07f83d135f608fb10b9ef21ec1b52679c5f5f25d591cd4b6cfcb8d09cf10328a4193436d39a640f84fd50b3bb2994542

  • SSDEEP

    6144:G/0uoNej3tJXy8Vz35MTZRkEPW1ymO1d3EsYr7kV:GJzj34Zi+uytEBrwV

Targets

    • Modifies firewall policy service

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
