9f07465e6c0aeafc456d49fdc029780b34c7b53721aa5672898aff832b5e0ea8 | Triage

Sharing

General

Target

f0253777c9e1cdb4d30bb55d208975ad_JaffaCakes118
Size

1000KB
Sample

240415-dht67sff3s
MD5

f0253777c9e1cdb4d30bb55d208975ad
SHA1

85a63898cc13b5193859c7fdf95da74c693b014f
SHA256

9f07465e6c0aeafc456d49fdc029780b34c7b53721aa5672898aff832b5e0ea8
SHA512

2cfd0bbaa4308a0a4d6afae77630a9477ca086c3f47158b2408a6366a4b8952afb930ccdaf4eb2c8cea33fb46545f4e8f5178db1494f784c1a05554728ed965d
SSDEEP

24576:FyapGo7uS08F8+CI7Jg+kWrijpmjceocSwK7S1B+5vMiqt0gj2ed:MapGoau8GCJ38YAKMqOL

Score

7^/10

Malware Config

Targets

- Target
  
  f0253777c9e1cdb4d30bb55d208975ad_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  f0253777c9e1cdb4d30bb55d208975ad
- SHA1
  
  85a63898cc13b5193859c7fdf95da74c693b014f
- SHA256
  
  9f07465e6c0aeafc456d49fdc029780b34c7b53721aa5672898aff832b5e0ea8
- SHA512
  
  2cfd0bbaa4308a0a4d6afae77630a9477ca086c3f47158b2408a6366a4b8952afb930ccdaf4eb2c8cea33fb46545f4e8f5178db1494f784c1a05554728ed965d
- SSDEEP
  
  24576:FyapGo7uS08F8+CI7Jg+kWrijpmjceocSwK7S1B+5vMiqt0gj2ed:MapGoau8GCJ38YAKMqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2