698373b437c3a373c5150f70f79bfd57ac7044501ebd7600767616dbb7b2a3d1 | Triage

Sharing

General

Target

ecfb1315921bb073a68c6ba62a0a6058_JaffaCakes118
Size

29KB
Sample

240411-j9rs2saf6y
MD5

ecfb1315921bb073a68c6ba62a0a6058
SHA1

292f3644a8cc5a48f6f973cc5e5877e9dfc866fd
SHA256

698373b437c3a373c5150f70f79bfd57ac7044501ebd7600767616dbb7b2a3d1
SHA512

1de326162133ee0e1fb7597fb5033e4f01831fe29125d85f716d05630b1a732a0e544e959b0343a4fed4954ddf258e9f3a0ce588a04a7732fb27348cc3d5425b
SSDEEP

384:DgXz6HmWSMXtWYjfvOqADvaWj90XcQfg/7lY77x8pM+1CL9A1FLuDenlwL98mhWj:MXz6HmoXtxj389M7Sl1CwFLPO95Jnn8

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ecfb1315921bb073a68c6ba62a0a6058_JaffaCakes118
- Size
  
  29KB
- MD5
  
  ecfb1315921bb073a68c6ba62a0a6058
- SHA1
  
  292f3644a8cc5a48f6f973cc5e5877e9dfc866fd
- SHA256
  
  698373b437c3a373c5150f70f79bfd57ac7044501ebd7600767616dbb7b2a3d1
- SHA512
  
  1de326162133ee0e1fb7597fb5033e4f01831fe29125d85f716d05630b1a732a0e544e959b0343a4fed4954ddf258e9f3a0ce588a04a7732fb27348cc3d5425b
- SSDEEP
  
  384:DgXz6HmWSMXtWYjfvOqADvaWj90XcQfg/7lY77x8pM+1CL9A1FLuDenlwL98mhWj:MXz6HmoXtxj389M7Sl1CwFLPO95Jnn8
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence