7589f61801730968e75c42decee7a8f67d826c9b67fdbe2b387d9e55709a489f | Triage

Sharing

General

Target

ed7775b9e0430f00ba43a44240e3448e_JaffaCakes118
Size

1000KB
Sample

240411-p4pdmabh37
MD5

ed7775b9e0430f00ba43a44240e3448e
SHA1

2cdad3c2262507a37bc2a618b64408291576836f
SHA256

7589f61801730968e75c42decee7a8f67d826c9b67fdbe2b387d9e55709a489f
SHA512

b97b5de32b343b01cdceb95fadc94a3aa0acbfdd8a9e6773695a7c2e325c41cd8535b149779f27d2222c505d9e1f0244c26df8dc1f025860d0bec1ed305e03c8
SSDEEP

24576:LccpnK0ELTRbJw0yu531B+5vMiqt0gj2ed:J6UZ0qOL

Score

7^/10

Malware Config

Targets

- Target
  
  ed7775b9e0430f00ba43a44240e3448e_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  ed7775b9e0430f00ba43a44240e3448e
- SHA1
  
  2cdad3c2262507a37bc2a618b64408291576836f
- SHA256
  
  7589f61801730968e75c42decee7a8f67d826c9b67fdbe2b387d9e55709a489f
- SHA512
  
  b97b5de32b343b01cdceb95fadc94a3aa0acbfdd8a9e6773695a7c2e325c41cd8535b149779f27d2222c505d9e1f0244c26df8dc1f025860d0bec1ed305e03c8
- SSDEEP
  
  24576:LccpnK0ELTRbJw0yu531B+5vMiqt0gj2ed:J6UZ0qOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2