3fcf616792ecfffc210495f2cab8d4964ca93f505ff8251f30b7a55eb926acf4 | Triage

Sharing

General

Target

f11f1472cc5db7022f90af2c3634c809_JaffaCakes118
Size

1000KB
Sample

240415-qblmpshc8t
MD5

f11f1472cc5db7022f90af2c3634c809
SHA1

7535fba252becd678109210d011f1526b8c86287
SHA256

3fcf616792ecfffc210495f2cab8d4964ca93f505ff8251f30b7a55eb926acf4
SHA512

b6403d48afc32c60893f9c725504549520dfe153f86b06d14444d6e2b4fe66023ca92550d2c5ef0ad1be0272d732ba954dfc47f3fce374dc4f05a8d983b05be7
SSDEEP

24576:0H1Khfp6ESE4VjsTtxBjNO2K1B+5vMiqt0gj2ed:l6xE4xsRnjNOhqOL

Score

7^/10

Malware Config

Targets

- Target
  
  f11f1472cc5db7022f90af2c3634c809_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  f11f1472cc5db7022f90af2c3634c809
- SHA1
  
  7535fba252becd678109210d011f1526b8c86287
- SHA256
  
  3fcf616792ecfffc210495f2cab8d4964ca93f505ff8251f30b7a55eb926acf4
- SHA512
  
  b6403d48afc32c60893f9c725504549520dfe153f86b06d14444d6e2b4fe66023ca92550d2c5ef0ad1be0272d732ba954dfc47f3fce374dc4f05a8d983b05be7
- SSDEEP
  
  24576:0H1Khfp6ESE4VjsTtxBjNO2K1B+5vMiqt0gj2ed:l6xE4xsRnjNOhqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2