0e0acb984c63b694224db112df5a56bf8e02c89291496fa69993ac5ce0fa2c1c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ecaa77d40bd580cba2c91efc9df0e178_JaffaCakes118
Size

3.6MB
Sample

240411-e2ndfafd2z
MD5

ecaa77d40bd580cba2c91efc9df0e178
SHA1

33259e04b24231b20f0be1cf16910b75b29ab910
SHA256

0e0acb984c63b694224db112df5a56bf8e02c89291496fa69993ac5ce0fa2c1c
SHA512

325c4cfd530c2c59382f451c464be4e3282687d28f220ed95b333d345d4051cb099b08adaf9e39429bc9cbdd223b2f8807c1cbb04ba4912a7b7ce4da3e6a7d27
SSDEEP

98304:5JVBQCyQ2l8gbL3HHL+Y2UftM8GSUfIjCeNfjx:jQLJ8gXHiXUftTjzZjx

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ecaa77d40bd580cba2c91efc9df0e178_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  ecaa77d40bd580cba2c91efc9df0e178
- SHA1
  
  33259e04b24231b20f0be1cf16910b75b29ab910
- SHA256
  
  0e0acb984c63b694224db112df5a56bf8e02c89291496fa69993ac5ce0fa2c1c
- SHA512
  
  325c4cfd530c2c59382f451c464be4e3282687d28f220ed95b333d345d4051cb099b08adaf9e39429bc9cbdd223b2f8807c1cbb04ba4912a7b7ce4da3e6a7d27
- SSDEEP
  
  98304:5JVBQCyQ2l8gbL3HHL+Y2UftM8GSUfIjCeNfjx:jQLJ8gXHiXUftTjzZjx
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence