70098c7733c1088dedeb1b6fcf9d26b95c833e98936a40f49b9c52a70365937f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea2721f32535e851c2ab4789f0c7821b_JaffaCakes118
Size

121KB
Sample

240409-rcl6asgh89
MD5

ea2721f32535e851c2ab4789f0c7821b
SHA1

3f2a93360288e8adac85fee768511be55c838d78
SHA256

70098c7733c1088dedeb1b6fcf9d26b95c833e98936a40f49b9c52a70365937f
SHA512

da1f458b13944b82b116fbd6af88ec8f0c2c95b1a52892ef54e0d28a0dbc42fad30b4887365b41888e9f0e4587327c005138436cef7ba8f1ea547b621353a90e
SSDEEP

1536:0W+caYNZXeWK3O9UmGGLbQd9AVaOoNTfqrvrKQr36/uInfNIOajxG/n5oscys2Ds:0WeeSOFhmmVadQTEYxk5Fsd2u

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ea2721f32535e851c2ab4789f0c7821b_JaffaCakes118
- Size
  
  121KB
- MD5
  
  ea2721f32535e851c2ab4789f0c7821b
- SHA1
  
  3f2a93360288e8adac85fee768511be55c838d78
- SHA256
  
  70098c7733c1088dedeb1b6fcf9d26b95c833e98936a40f49b9c52a70365937f
- SHA512
  
  da1f458b13944b82b116fbd6af88ec8f0c2c95b1a52892ef54e0d28a0dbc42fad30b4887365b41888e9f0e4587327c005138436cef7ba8f1ea547b621353a90e
- SSDEEP
  
  1536:0W+caYNZXeWK3O9UmGGLbQd9AVaOoNTfqrvrKQr36/uInfNIOajxG/n5oscys2Ds:0WeeSOFhmmVadQTEYxk5Fsd2u
Score

7^/10

persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2