7911364a5f6d96a4da8878387abc1cc4e73f8a265838da7aa727e1a58b5c143e | Triage

Sharing

General

Target

f74d12e2e9133b0159329a274fd72bf6_JaffaCakes118
Size

154KB
Sample

240418-fgh4nabe93
MD5

f74d12e2e9133b0159329a274fd72bf6
SHA1

e42eaaa78f446bdd47696160bbec378a95e41d7c
SHA256

7911364a5f6d96a4da8878387abc1cc4e73f8a265838da7aa727e1a58b5c143e
SHA512

88c96e1698d2612192377e8ef9ea730a894f9f9a6298450063fe2ffc97f32188e1411d7320aa593e2ce6d8fa803b6ac6f9f860dda9392c4d5deed4db4599e21b
SSDEEP

3072:fGM2aGuzUc3qRR5nBNeno36jmaWIkG9pdH4gsTACXSroWLsLQp:ftXUIuT3enobfG9pdYTJMdILQp

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f74d12e2e9133b0159329a274fd72bf6_JaffaCakes118
- Size
  
  154KB
- MD5
  
  f74d12e2e9133b0159329a274fd72bf6
- SHA1
  
  e42eaaa78f446bdd47696160bbec378a95e41d7c
- SHA256
  
  7911364a5f6d96a4da8878387abc1cc4e73f8a265838da7aa727e1a58b5c143e
- SHA512
  
  88c96e1698d2612192377e8ef9ea730a894f9f9a6298450063fe2ffc97f32188e1411d7320aa593e2ce6d8fa803b6ac6f9f860dda9392c4d5deed4db4599e21b
- SSDEEP
  
  3072:fGM2aGuzUc3qRR5nBNeno36jmaWIkG9pdH4gsTACXSroWLsLQp:ftXUIuT3enobfG9pdYTJMdILQp
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2