111907de06cae4e6c5d830e5b098a84afaf5b8f2ddca12291548b2ab6d08540a | Triage

Sharing

General

Target

f6cbdac80682412947502c18b61e71c0_JaffaCakes118
Size

1000KB
Sample

240417-3c86lshd98
MD5

f6cbdac80682412947502c18b61e71c0
SHA1

94e3560637720a18f92f97f96617e8818c4fcf80
SHA256

111907de06cae4e6c5d830e5b098a84afaf5b8f2ddca12291548b2ab6d08540a
SHA512

76577e4462b4aefe93c8924279f81a3285df62f225f7ff11ded0885b0af1a94a570c9a501f539c0699d8d4b351d28c96d955c0c3b4c0127c4b54ae3d5ca981aa
SSDEEP

24576:umZRLGMlUg4DkG+08UBOqylbV81B+5vMiqt0gj2ed:umAfoGl7QWqOL

Score

7^/10

Malware Config

Targets

- Target
  
  f6cbdac80682412947502c18b61e71c0_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  f6cbdac80682412947502c18b61e71c0
- SHA1
  
  94e3560637720a18f92f97f96617e8818c4fcf80
- SHA256
  
  111907de06cae4e6c5d830e5b098a84afaf5b8f2ddca12291548b2ab6d08540a
- SHA512
  
  76577e4462b4aefe93c8924279f81a3285df62f225f7ff11ded0885b0af1a94a570c9a501f539c0699d8d4b351d28c96d955c0c3b4c0127c4b54ae3d5ca981aa
- SSDEEP
  
  24576:umZRLGMlUg4DkG+08UBOqylbV81B+5vMiqt0gj2ed:umAfoGl7QWqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2