General
Target: 16d74f72935d863751d019917e32bf9c_JaffaCakes118
Size: 240KB
Sample: 241005-jwddhathnq
MD5: 16d74f72935d863751d019917e32bf9c
SHA1: 9f650e12b9f7905f4d210be7c50d359b600f955e
SHA256: 80ef9e6cc23d6a745c78ca09b9363255565b8d3dc02ab7bc6e83c95219f6c044
SHA512: 1bf11a10401e1ad5d4d69f69c68df8030738ceb8390bc553e7a1c3a3797d5825d29c31cf91671d8242b93d2d145e53001efe586ffdc5394b3beda3dae43af41c
SSDEEP: 6144:9Ta12CoCckAe8ABiO7AwnS35RTj21mPmJCOLqNV9Hw:Ck3duAw6THYmeJEV9Q
Static task: static1
Behavioral task: behavioral1
Sample: 16d74f72935d863751d019917e32bf9c_JaffaCakes118.dll
Resource: win7-20240708-en
Malware Config
Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: 16d74f72935d863751d019917e32bf9c_JaffaCakes118
Size: 240KB
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
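The two signatures most useful for hunting on other hosts, "Modifies WinLogon for persistence" and "Modifies firewall policy service", both reduce to registry value writes under well-known keys. The following is an added example, not part of the sandbox report and not code from the sandbox vendor: a small detection pass over Sysmon Event ID 13 (RegistryEvent: Value Set) records that flags writes to the Winlogon Shell/Userinit/Taskman values and Winlogon\Notify DllName entries, and writes to the SharedAccess firewall policy (AuthorizedApplications lists and the service Start value). The events in SAMPLE_LOG are constructed for illustration, not telemetry captured from this sample; the dropper path and the Notify package name in them are hypothetical, and the pipe-delimited line format is an assumption standing in for whatever export your SIEM produces.

```python
"""Flag Winlogon and firewall-policy registry writes in Sysmon-style events.

Added example, not the sandbox's own signature logic. Registry paths follow
Sysmon's TargetObject rendering (HKLM\\..., HKU\\...) and DWORD values follow
Sysmon's "DWORD (0x00000004)" rendering in the Details field.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegistrySetEvent:
    image: str    # process that performed the write (Sysmon Image)
    target: str   # registry path (Sysmon TargetObject)
    details: str  # value written (Sysmon Details)


@dataclass(frozen=True)
class Finding:
    technique: str  # ATT&CK sub-technique ID
    signature: str  # signature name as used in the report
    event: RegistrySetEvent


# Case-folded key paths; comparisons below lower-case the event path first.
WINLOGON = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
# Stock values for the autostart-relevant Winlogon entries, so a benign rewrite
# of the default does not alert. Taskman has no default and is absent on a
# clean system, so any write to it is reported.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
WINLOGON_WATCHED = set(WINLOGON_DEFAULTS) | {"taskman"}
FIREWALL_POLICY = r"hklm\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy"
SHAREDACCESS_START = r"hklm\system\currentcontrolset\services\sharedaccess\start"
SERVICE_DISABLED = 4  # SERVICE_DISABLED start type


def _dword(details):
    """Extract the integer from Sysmon's 'DWORD (0x...)' rendering, or None."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def classify(event):
    """Return a Finding for a suspicious registry write, or None."""
    path = event.target.lower()
    key, _, value_name = path.rpartition("\\")
    if key == WINLOGON and value_name in WINLOGON_WATCHED:
        if event.details.strip().lower() != WINLOGON_DEFAULTS.get(value_name):
            return Finding("T1547.004", "Modifies WinLogon for persistence", event)
        return None
    if key.startswith(WINLOGON + "\\notify\\") and value_name == "dllname":
        return Finding("T1547.004", "Modifies WinLogon for persistence", event)
    if path.startswith(FIREWALL_POLICY + "\\") and "\\authorizedapplications\\list\\" in path:
        return Finding("T1562.004", "Modifies firewall policy service", event)
    if path == SHAREDACCESS_START and _dword(event.details) == SERVICE_DISABLED:
        return Finding("T1562.004", "Modifies firewall policy service", event)
    return None


def parse_events(text):
    """Parse 'EventID|Image|TargetObject|Details' lines; keep only Event ID 13."""
    events = []
    for line in text.strip().splitlines():
        event_id, image, target, details = line.split("|", 3)
        if event_id.strip() == "13":
            events.append(RegistrySetEvent(image.strip(), target.strip(), details.strip()))
    return events


def scan(text):
    """Run classify() over every value-set event in the export."""
    return [f for f in map(classify, parse_events(text)) if f is not None]


# Constructed sample export (hypothetical paths; not captured from this sample).
SAMPLE_LOG = r"""
13|C:\Windows\explorer.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|explorer.exe
13|C:\Users\user\AppData\Local\Temp\dropper.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|explorer.exe,C:\Users\user\AppData\Local\Temp\dropper.exe
13|C:\Users\user\AppData\Local\Temp\dropper.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplepkg\DllName|C:\Windows\System32\examplepkg.dll
13|C:\Users\user\AppData\Local\Temp\dropper.exe|HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\user\AppData\Local\Temp\dropper.exe|C:\Users\user\AppData\Local\Temp\dropper.exe:*:Enabled:ipsec
13|C:\Users\user\AppData\Local\Temp\dropper.exe|HKLM\System\CurrentControlSet\Services\SharedAccess\Start|DWORD (0x00000004)
12|C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.technique} {f.signature}: {f.event.image} -> {f.event.target}")
```

The Winlogon defaults are the Windows 7 values (the sandbox image here is win7-20240708-en); on other builds confirm them against a clean host before deploying, since a wrong default turns every logon into a false positive. The firewall-policy rule deliberately alerts on any AuthorizedApplications write rather than trying to judge the path, because legitimate installers rarely edit that list directly and the analyst can triage the Image column.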
MITRE ATT&CK Enterprise v15 (technique counts in parentheses)
Persistence
- Boot or Logon Autostart Execution, T1547 (1)
  - Winlogon Helper DLL, T1547.004 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Boot or Logon Autostart Execution, T1547 (1)
  - Winlogon Helper DLL, T1547.004 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4)
  - Disable or Modify System Firewall, T1562.004 (1)
  - Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (7)