General
-
Target
49d1fd020c8f136f933673d630e18d4b_JaffaCakes118
-
Size
900KB
-
Sample
241015-y34atsvdpb
-
MD5
49d1fd020c8f136f933673d630e18d4b
-
SHA1
b4dcb8d4a0e5822894187a5ac1825cda7489bb13
-
SHA256
8fc6b1edf12b69ec825bd1e8eb04235fc2aadca0dc13a7c29783555bb2651383
-
SHA512
58896bc70173a4ad995db5c8c2cc38d69f7c4c09fc237d1fe68f26ad36728f8e44512d36fbfdc1c3157f04c66b9499dd6e3d9451687688d6263a5075e44cc9ca
-
SSDEEP
24576:Vnx62v7sR55S7C9cSGfOKfUk7FsaXHSqb:VDDsH5HaDL5nXF
Static task
static1
Behavioral task
behavioral1
Sample
49d1fd020c8f136f933673d630e18d4b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
49d1fd020c8f136f933673d630e18d4b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Credential Access
Unsecured Credentials (2)
Credentials In Files (1)
Credentials in Registry (1)