49c5a2607eebb86d736470a15f317f2d4684a6ef8a3eef47412147f13f4a95f3 | Triage

Sharing

General

Target

f5e38aa8ccb6b846b1c6dfb42700a6a5_JaffaCakes118
Size

1000KB
Sample

240417-qstpmsbb8z
MD5

f5e38aa8ccb6b846b1c6dfb42700a6a5
SHA1

29b4e8992e9c900eb9fa6e52625ed454a8aba0cd
SHA256

49c5a2607eebb86d736470a15f317f2d4684a6ef8a3eef47412147f13f4a95f3
SHA512

52b47181772bed42bc532a8bb614e773c5dd6731ecb76bbacf3c2a4afea648c53cfda77a92cad344a33defa854f5405afc25bf50f49c3eec4598496459519ccc
SSDEEP

24576:qwvgNIwg6Ty3X76+y2BmmCrk1B+5vMiqt0gj2ed:qwvZGz2qOL

Score

7^/10

Malware Config

Targets

- Target
  
  f5e38aa8ccb6b846b1c6dfb42700a6a5_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  f5e38aa8ccb6b846b1c6dfb42700a6a5
- SHA1
  
  29b4e8992e9c900eb9fa6e52625ed454a8aba0cd
- SHA256
  
  49c5a2607eebb86d736470a15f317f2d4684a6ef8a3eef47412147f13f4a95f3
- SHA512
  
  52b47181772bed42bc532a8bb614e773c5dd6731ecb76bbacf3c2a4afea648c53cfda77a92cad344a33defa854f5405afc25bf50f49c3eec4598496459519ccc
- SSDEEP
  
  24576:qwvgNIwg6Ty3X76+y2BmmCrk1B+5vMiqt0gj2ed:qwvZGz2qOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2