General
-
Target
JaffaCakes118_16b76886a277b914372d8ad3da50f511
-
Size
520KB
-
Sample
250123-njqwaayjhy
-
MD5
16b76886a277b914372d8ad3da50f511
-
SHA1
375fd05f0ecfb36884ebf80aa951738e44b9481f
-
SHA256
33001f3175b74bd653f9e2cd2aafeb280820b8778d71f4f859058548f12f4c2f
-
SHA512
43e355dbabd6abef06fe6bf00c140552be70f21f43977b6973730c865c597abd61ce7032eab004ef38fc6e42d0de9a988380e5dbf049583914c3c8d433b151d7
-
SSDEEP
12288:Gy7GJaXTC4IsjkvK1gtvkUTWFnH//ZNm45eO:tXcLKGtsfx1v
Behavioral task
behavioral1
Sample
JaffaCakes118_16b76886a277b914372d8ad3da50f511.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_16b76886a277b914372d8ad3da50f511.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
JaffaCakes118_16b76886a277b914372d8ad3da50f511
-
Size
520KB
-
MD5
16b76886a277b914372d8ad3da50f511
-
SHA1
375fd05f0ecfb36884ebf80aa951738e44b9481f
-
SHA256
33001f3175b74bd653f9e2cd2aafeb280820b8778d71f4f859058548f12f4c2f
-
SHA512
43e355dbabd6abef06fe6bf00c140552be70f21f43977b6973730c865c597abd61ce7032eab004ef38fc6e42d0de9a988380e5dbf049583914c3c8d433b151d7
-
SSDEEP
12288:Gy7GJaXTC4IsjkvK1gtvkUTWFnH//ZNm45eO:tXcLKGtsfx1v
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
9