44ba5a67e248971a95a158c717e1992a22ab3aba885ad2bd7e87a0a08e675eda | Triage

Sharing

General

Target

049a29aeca8fba6e34578aa0c9253930_JaffaCakes118
Size

811KB
Sample

240428-hjq86aae3y
MD5

049a29aeca8fba6e34578aa0c9253930
SHA1

e7ecb4986f8021a2f00fd0ecf85830560af705d1
SHA256

44ba5a67e248971a95a158c717e1992a22ab3aba885ad2bd7e87a0a08e675eda
SHA512

74ded4e3b7eb529950cc9c80c3ddc5f99a045b23f05d706d68044e078a852f27a5dae40b74a4cb5b708c53d4a11d2a0dc8850c1c7402ebd36ce6433d2d916d1a
SSDEEP

12288:k4h4Cf7KAR+WlAJFUKGPXrWXwX9jrhnfjeDQ6fEVGL0HGrzTUcFTG3Wx0:/4pWlAJtAX9XRfqR8mrzw6fx0

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  049a29aeca8fba6e34578aa0c9253930_JaffaCakes118
- Size
  
  811KB
- MD5
  
  049a29aeca8fba6e34578aa0c9253930
- SHA1
  
  e7ecb4986f8021a2f00fd0ecf85830560af705d1
- SHA256
  
  44ba5a67e248971a95a158c717e1992a22ab3aba885ad2bd7e87a0a08e675eda
- SHA512
  
  74ded4e3b7eb529950cc9c80c3ddc5f99a045b23f05d706d68044e078a852f27a5dae40b74a4cb5b708c53d4a11d2a0dc8850c1c7402ebd36ce6433d2d916d1a
- SSDEEP
  
  12288:k4h4Cf7KAR+WlAJFUKGPXrWXwX9jrhnfjeDQ6fEVGL0HGrzTUcFTG3Wx0:/4pWlAJtAX9XRfqR8mrzw6fx0
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

evasionpersistencetrojan