3547fc95b06ac0fb272eb71be7ddda105b71238e0ea6913817585b11738e058b | Triage

Sharing

General

Target

ec8f10cd5a351b1dc52d5a7974904c38_JaffaCakes118
Size

506KB
Sample

240411-dtvbcaea2t
MD5

ec8f10cd5a351b1dc52d5a7974904c38
SHA1

12856173cbccdc7093057022651e8b4eec70de67
SHA256

3547fc95b06ac0fb272eb71be7ddda105b71238e0ea6913817585b11738e058b
SHA512

fa3c035a1263ff5745c16ca44647e8be49a8f0de541dc252796bc9042ab75ed99ae1dc0f520f72cb10f5b85b7fced39b421118fe596143d611a970894b3211b5
SSDEEP

12288:9Q85QeUiRDHp7o9MwWbunsn9y+qXREnaECDKa:9D5fHN7oWZ3YR+a

Score

7^/10

Malware Config

Targets

- Target
  
  ec8f10cd5a351b1dc52d5a7974904c38_JaffaCakes118
- Size
  
  506KB
- MD5
  
  ec8f10cd5a351b1dc52d5a7974904c38
- SHA1
  
  12856173cbccdc7093057022651e8b4eec70de67
- SHA256
  
  3547fc95b06ac0fb272eb71be7ddda105b71238e0ea6913817585b11738e058b
- SHA512
  
  fa3c035a1263ff5745c16ca44647e8be49a8f0de541dc252796bc9042ab75ed99ae1dc0f520f72cb10f5b85b7fced39b421118fe596143d611a970894b3211b5
- SSDEEP
  
  12288:9Q85QeUiRDHp7o9MwWbunsn9y+qXREnaECDKa:9D5fHN7oWZ3YR+a
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2