General
-
Target
9f05e85994fb10053e78b1e7ac522e99_JaffaCakes118
-
Size
88KB
-
Sample
241126-bqwznawpft
-
MD5
9f05e85994fb10053e78b1e7ac522e99
-
SHA1
acb3b6f737bf79308bb791d044116e3804539f0f
-
SHA256
ccb6b5d240349db832910326c06e5199a093853222f2419275fc2368cee6bde7
-
SHA512
2e6df67c33fcd9976861b981b708d7c42d56eb9e2566efe41b5066a4f17cab0efd4dee8c4785ac5b354707130f130977dd8a1ae8c2fd2533195cfe64b5340f1b
-
SSDEEP
1536:nw3YT90CV/DmUU8gUrnAmMTYf3KpUoP+9aXX7A2IYzUGMD+pRR5GgEARUxq:bT9LpmSrokf3W7AdYzbMIHRQq
Malware Config
Targets
-
-
Target
9f05e85994fb10053e78b1e7ac522e99_JaffaCakes118
-
Size
88KB
-
MD5
9f05e85994fb10053e78b1e7ac522e99
-
SHA1
acb3b6f737bf79308bb791d044116e3804539f0f
-
SHA256
ccb6b5d240349db832910326c06e5199a093853222f2419275fc2368cee6bde7
-
SHA512
2e6df67c33fcd9976861b981b708d7c42d56eb9e2566efe41b5066a4f17cab0efd4dee8c4785ac5b354707130f130977dd8a1ae8c2fd2533195cfe64b5340f1b
-
SSDEEP
1536:nw3YT90CV/DmUU8gUrnAmMTYf3KpUoP+9aXX7A2IYzUGMD+pRR5GgEARUxq:bT9LpmSrokf3W7AdYzbMIHRQq
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Deletes itself
-
Executes dropped EXE
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2