db0505fa02bb9d1986cd049d59ee0abe0302482e5d6c31d0abfca681358f9684 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e28232360658c9e815410522ce208e10_JaffaCakes118
Size

506KB
Sample

240406-pa7ywahh51
MD5

e28232360658c9e815410522ce208e10
SHA1

0009ec4a40b3a6c8482e1a54a4408df03c510af3
SHA256

db0505fa02bb9d1986cd049d59ee0abe0302482e5d6c31d0abfca681358f9684
SHA512

19b3fb17cb2eb86156c3d6faeb3b5933ce226938cbf97405cbed6f546bda442d024acb7db4ab792a114020a17cf9a79470c2778560d580c16d2e66b187f78f26
SSDEEP

12288:wBvRCdi1EUWqNFZyA8TT1+evo6lldOw7L9XAd:wzV1EU7rZjMllppS

Score

7^/10

Malware Config

Targets

- Target
  
  e28232360658c9e815410522ce208e10_JaffaCakes118
- Size
  
  506KB
- MD5
  
  e28232360658c9e815410522ce208e10
- SHA1
  
  0009ec4a40b3a6c8482e1a54a4408df03c510af3
- SHA256
  
  db0505fa02bb9d1986cd049d59ee0abe0302482e5d6c31d0abfca681358f9684
- SHA512
  
  19b3fb17cb2eb86156c3d6faeb3b5933ce226938cbf97405cbed6f546bda442d024acb7db4ab792a114020a17cf9a79470c2778560d580c16d2e66b187f78f26
- SSDEEP
  
  12288:wBvRCdi1EUWqNFZyA8TT1+evo6lldOw7L9XAd:wzV1EU7rZjMllppS
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2