5a5130480a698b298c9a2ec308a9a5c8061469f519ed75cc7f5e9ce6dace1418 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f789d4a9081a5352ec60b493d42263b0_JaffaCakes118
Size

506KB
Sample

240418-jbsmpagb4v
MD5

f789d4a9081a5352ec60b493d42263b0
SHA1

1e038d9ca24045e44bb4be95bc25530b7c923427
SHA256

5a5130480a698b298c9a2ec308a9a5c8061469f519ed75cc7f5e9ce6dace1418
SHA512

99874d681726c6a227aa919fe99dd08d01e499cca8f9f9c89dd18a70125a875a959d946c8367f5da96bfeec3b8ad206c37605299d312b18c01e1667ee9b18b45
SSDEEP

12288:WHx9XdzruV3nmevrmta8Ji76Lk29fcazB8tM9EbtLzZF:oJzrudmevdxAkKZzyM9EblzX

Score

7^/10

Malware Config

Targets

- Target
  
  f789d4a9081a5352ec60b493d42263b0_JaffaCakes118
- Size
  
  506KB
- MD5
  
  f789d4a9081a5352ec60b493d42263b0
- SHA1
  
  1e038d9ca24045e44bb4be95bc25530b7c923427
- SHA256
  
  5a5130480a698b298c9a2ec308a9a5c8061469f519ed75cc7f5e9ce6dace1418
- SHA512
  
  99874d681726c6a227aa919fe99dd08d01e499cca8f9f9c89dd18a70125a875a959d946c8367f5da96bfeec3b8ad206c37605299d312b18c01e1667ee9b18b45
- SSDEEP
  
  12288:WHx9XdzruV3nmevrmta8Ji76Lk29fcazB8tM9EbtLzZF:oJzrudmevdxAkKZzyM9EblzX
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2