General
Target: JaffaCakes118_77359214742f3850157b366f22ef7b01
Size: 293KB
Sample: 250104-dfv1qaznbr
MD5: 77359214742f3850157b366f22ef7b01
SHA1: 02c6c4be37d5f8c22580565a495ad3fa87801a14
SHA256: ad8a2390c348a87aa151a37c11733b1a3831a6296cf6b484a5d280e62c460e62
SHA512: 744431fb74b5b0a4a7a8da3469ed28a3a1f76063c5b034033c50d9b776f7b4ed5488e0966f7becb6faa82b7e702bfba677010ef120ef850a714fe8ae6b607ad8
SSDEEP: 6144:PqHGoq/TMf6N1xcaiLPObFH6V95K5NJK8blyXxDQAGuwVV5:P4dN+Zi7ObioNJTpyVQGsV5
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_77359214742f3850157b366f22ef7b01.exe
Resource: win7-20241023-en
Malware Config
Extracted family: sality
URLs recovered from the extracted configuration:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: JaffaCakes118_77359214742f3850157b366f22ef7b01 (293KB; MD5 77359214742f3850157b366f22ef7b01, same hashes as listed under General)
Signatures:
- Modifies firewall policy service
- Ramnit family
- Sality family
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)