General

  • Target

    1b9aac91eee54cffc5e27c374a11a99b_JaffaCakes118

  • Size

    5.9MB

  • Sample

    241007-fl9geaxcjl

  • MD5

    1b9aac91eee54cffc5e27c374a11a99b

  • SHA1

    dcadbc0f895816c6c403f06b3f8e12f279a6cf7c

  • SHA256

    fb76a02ffa6e3ef8c141e7994f808e76013e4e39f03a2c2f4cffeec8fcbd6e45

  • SHA512

    19bc82314eed220bb34c0d467185fec9ed5cda022f9efe05e56acad7bdecd33b4e3013317707911e645df44bd6c412fd1fc16dc6261ee2c7cc2dd0f747eaf36f

  • SSDEEP

    98304:i5rnFM6H/8YUSGQEXg805FqDDeqTeN3q7mKm8etA4HtcYK8iDhHmTZSruagajd:AzFMw/8YU7caPeqs3ZVAJYKJNGSuagap

Targets

    • Target

      1b9aac91eee54cffc5e27c374a11a99b_JaffaCakes118

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification
