bc5a96e359d076af305aeb123c8dab96c6a6cbfb79ea66469f290b54a69eb9b3 | Triage

Sharing

General

Target

ed05944ea3f3d8d0e0ad112f0a5c1b85_JaffaCakes118
Size

1000KB
Sample

240411-kntk7afh79
MD5

ed05944ea3f3d8d0e0ad112f0a5c1b85
SHA1

7bbfafe48f310c86e54a006e7a291c0e6309e900
SHA256

bc5a96e359d076af305aeb123c8dab96c6a6cbfb79ea66469f290b54a69eb9b3
SHA512

2e6d43b83b38f64bd8219b36110bd5b12de53d2310c16c0789571bb3a66c7cc29eda8e7e3042aadb9fc7f8ffc384346fc0124d32fd6b1fbaa84ac613193985e2
SSDEEP

24576:LnHML+EbDwt1yRWtbApzqj1B+5vMiqt0gj2ed:LU+1AEbA5kqOL

Score

7^/10

Malware Config

Targets

- Target
  
  ed05944ea3f3d8d0e0ad112f0a5c1b85_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  ed05944ea3f3d8d0e0ad112f0a5c1b85
- SHA1
  
  7bbfafe48f310c86e54a006e7a291c0e6309e900
- SHA256
  
  bc5a96e359d076af305aeb123c8dab96c6a6cbfb79ea66469f290b54a69eb9b3
- SHA512
  
  2e6d43b83b38f64bd8219b36110bd5b12de53d2310c16c0789571bb3a66c7cc29eda8e7e3042aadb9fc7f8ffc384346fc0124d32fd6b1fbaa84ac613193985e2
- SSDEEP
  
  24576:LnHML+EbDwt1yRWtbApzqj1B+5vMiqt0gj2ed:LU+1AEbA5kqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2