b3840c4a0059c3c20aed1f58da814c695bd08d9c7d5207a7553a341f7e02b1b5 | Triage

Sharing

General

Target

f215c8813bf453f08b9231feff9d5f9e_JaffaCakes118
Size

506KB
Sample

240415-2j6hmacc3z
MD5

f215c8813bf453f08b9231feff9d5f9e
SHA1

2c330cfc6acd062cd07764f8cf16230584a58a11
SHA256

b3840c4a0059c3c20aed1f58da814c695bd08d9c7d5207a7553a341f7e02b1b5
SHA512

fa15ee33f25aef78f841914ab52681aae7b9c6fe4c8fc68b47ce98541383122be07b9c1e2ad6c3a1667247c05141af1dbebc6caccdaffc4d62585838c5622a81
SSDEEP

12288:Ep+rfmK5RgmuWPOXbUjtsm3AFsMMU8oxQLxCAPq:tLmK5RglIOgjFwdMU12LxVy

Score

7^/10

Malware Config

Targets

- Target
  
  f215c8813bf453f08b9231feff9d5f9e_JaffaCakes118
- Size
  
  506KB
- MD5
  
  f215c8813bf453f08b9231feff9d5f9e
- SHA1
  
  2c330cfc6acd062cd07764f8cf16230584a58a11
- SHA256
  
  b3840c4a0059c3c20aed1f58da814c695bd08d9c7d5207a7553a341f7e02b1b5
- SHA512
  
  fa15ee33f25aef78f841914ab52681aae7b9c6fe4c8fc68b47ce98541383122be07b9c1e2ad6c3a1667247c05141af1dbebc6caccdaffc4d62585838c5622a81
- SSDEEP
  
  12288:Ep+rfmK5RgmuWPOXbUjtsm3AFsMMU8oxQLxCAPq:tLmK5RglIOgjFwdMU12LxVy
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2