General
-
Target
49c8a036eae3c0e9e599a53d98113cb2_JaffaCakes118
-
Size
521KB
-
Sample
241015-yxsxxayenj
-
MD5
49c8a036eae3c0e9e599a53d98113cb2
-
SHA1
f6d872357b267e988a9ad33a196bd04eef42deb7
-
SHA256
e4e34486b6399b398c6262e7ff84a80620f3bd812682f3414ec91c362df7b957
-
SHA512
07fed586edcf61215daf6d9d6e52bb7e906fbaf8998e3b6e251a0d6097b5fa32107cf3cfa98e235ec535cd3646b532fcf72275f7ede92244f0a9ce8473d7a7df
-
SSDEEP
6144:N25mswOyIZjyMrmhc2TawqaOt2da2k78qh90GiTwXw35lk9jgvy89:N2wRIZgFOJDz9fA35lk9N
Static task
static1
Behavioral task
behavioral1
Sample
49c8a036eae3c0e9e599a53d98113cb2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
49c8a036eae3c0e9e599a53d98113cb2_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
49c8a036eae3c0e9e599a53d98113cb2_JaffaCakes118
-
Size
521KB
-
MD5
49c8a036eae3c0e9e599a53d98113cb2
-
SHA1
f6d872357b267e988a9ad33a196bd04eef42deb7
-
SHA256
e4e34486b6399b398c6262e7ff84a80620f3bd812682f3414ec91c362df7b957
-
SHA512
07fed586edcf61215daf6d9d6e52bb7e906fbaf8998e3b6e251a0d6097b5fa32107cf3cfa98e235ec535cd3646b532fcf72275f7ede92244f0a9ce8473d7a7df
-
SSDEEP
6144:N25mswOyIZjyMrmhc2TawqaOt2da2k78qh90GiTwXw35lk9jgvy89:N2wRIZgFOJDz9fA35lk9N
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3