6efef04d71bd6e7dec5744c4edbb607fde3ab29e65fd57ac2cd5bc077e2a96e9 | Triage

Sharing

General

Target

e76b594d80a25a503ff4bf0085a0cdb3_JaffaCakes118
Size

506KB
Sample

240408-n71qdsbh9z
MD5

e76b594d80a25a503ff4bf0085a0cdb3
SHA1

e6c000a09b8a1e625b73493950803677fd4e6dfa
SHA256

6efef04d71bd6e7dec5744c4edbb607fde3ab29e65fd57ac2cd5bc077e2a96e9
SHA512

a12d04687b5669a042082151704e3002a76c7f6089a9751bec85c2665a068187206bb51c19ae6373d812f449fbe7131762ec36f0b87cadf9658cc74b73a31b1e
SSDEEP

12288:sy/4USGxg87XfAIkhnhvUXgfhmzBb5r90yFt9qWKfiOJ8JV:sx/CggPAI4SXgpmvuy9EiOJ8X

Score

7^/10

Malware Config

Targets

- Target
  
  e76b594d80a25a503ff4bf0085a0cdb3_JaffaCakes118
- Size
  
  506KB
- MD5
  
  e76b594d80a25a503ff4bf0085a0cdb3
- SHA1
  
  e6c000a09b8a1e625b73493950803677fd4e6dfa
- SHA256
  
  6efef04d71bd6e7dec5744c4edbb607fde3ab29e65fd57ac2cd5bc077e2a96e9
- SHA512
  
  a12d04687b5669a042082151704e3002a76c7f6089a9751bec85c2665a068187206bb51c19ae6373d812f449fbe7131762ec36f0b87cadf9658cc74b73a31b1e
- SSDEEP
  
  12288:sy/4USGxg87XfAIkhnhvUXgfhmzBb5r90yFt9qWKfiOJ8JV:sx/CggPAI4SXgpmvuy9EiOJ8X
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2