General
Target: 90c0699438847c2ccf41e8ce2f9783a3_JaffaCakes118
Size: 564KB
Sample: 241123-1a6atsxmfw
MD5: 90c0699438847c2ccf41e8ce2f9783a3
SHA1: 7b9e225429a2f2970eea3a00b1a6467a58341f76
SHA256: 97c2223fee7432588205715ada347b94ffbaa4b1692d38e4ac2efeb7d4617fa5
SHA512: 8ef707d155946272898e4dae0b914aae34db02bec10c80f1e9bd0c677c87b3133cf4c4feadce242a8bc256c74fe5f18bba55ec359e8806e9e62b42bf5c9fd87f
SSDEEP: 12288:bXo450qjYthuCNIm/kqF6a2FjyHIDiI4Ov1yNbzAFLZjFv:y/ku6FjyHel4Ov1ymP5
Static task: static1
Behavioral task: behavioral1
Sample: 90c0699438847c2ccf41e8ce2f9783a3_JaffaCakes118.dll
Resource: win7-20241010-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: 90c0699438847c2ccf41e8ce2f9783a3_JaffaCakes118 (564KB; hashes as listed under General)
Signatures:
- Ramnit family
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)