General

  • Target

    JaffaCakes118_43974d571cdce05f9cbd522b435d2a66

  • Size

    85KB

  • Sample

    250127-zpvbfavnds

  • MD5

    43974d571cdce05f9cbd522b435d2a66

  • SHA1

    1dae53a1f90c6d6f24bd4f6225627882b72101ee

  • SHA256

    e073eb1346c6e6e767898975e3a88df457e3e56f44e229654a1a98a9495b6937

  • SHA512

    3c31af9d1f8ea89546f3b84b50aff817d9642fd55cd1676a085f97ad8e19188c1b05a797c0f310e8b7929198d8a392af9a83bbec6d1195b71fa7d67dd9e21295

  • SSDEEP

    1536:JqWYq+V2A7LSXTvXtH+04FZY0cqEW7rFXHVbXFHY5pxnlm5EjGprIK98s:JXP+V2AaXTZ+04FG0cqEQXHZXFHK45ES

Targets

    • Target

      JaffaCakes118_43974d571cdce05f9cbd522b435d2a66

    • Modifies Windows Defender DisableAntiSpyware settings

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    • Drops file in System32 directory
