85171ac795f63009a2e26ee46e43ae0e1704b64999376b47cfc2743648619155 | Triage

Sharing

General

Target

f7fc7dfefbaf514d5694d4ac5c3568b4_JaffaCakes118
Size

1000KB
Sample

240418-plhhcsdb28
MD5

f7fc7dfefbaf514d5694d4ac5c3568b4
SHA1

f76a636ea12ffb34683d9bcd4d9b4f288c85828c
SHA256

85171ac795f63009a2e26ee46e43ae0e1704b64999376b47cfc2743648619155
SHA512

12c14e07f05cdc0a0f9fb8c2c410999d577da3f13f5d0da57701073eef0ed2eb7203e801606fd45cc70680a35410816ee6c255732c70870230b96efd243ebe8d
SSDEEP

24576:4FVMoeOmaKqw6R6aux41vDfWCFl5/1B+5vMiqt0gj2ed:QMoeOmLe6aqiKIBqOL

Score

7^/10

Malware Config

Targets

- Target
  
  f7fc7dfefbaf514d5694d4ac5c3568b4_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  f7fc7dfefbaf514d5694d4ac5c3568b4
- SHA1
  
  f76a636ea12ffb34683d9bcd4d9b4f288c85828c
- SHA256
  
  85171ac795f63009a2e26ee46e43ae0e1704b64999376b47cfc2743648619155
- SHA512
  
  12c14e07f05cdc0a0f9fb8c2c410999d577da3f13f5d0da57701073eef0ed2eb7203e801606fd45cc70680a35410816ee6c255732c70870230b96efd243ebe8d
- SSDEEP
  
  24576:4FVMoeOmaKqw6R6aux41vDfWCFl5/1B+5vMiqt0gj2ed:QMoeOmLe6aqiKIBqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2