5ccca889b91918e57eaca60240ff5efc90aa2d3253e2913c78f1d3df8aa2b223 | Triage

Sharing

General

Target

f854fa12f7169800382bd8f368db4631_JaffaCakes118
Size

506KB
Sample

240418-tr73esae6y
MD5

f854fa12f7169800382bd8f368db4631
SHA1

6d8a0d0f51e7eae50c0dfef1c774ffeb2c743540
SHA256

5ccca889b91918e57eaca60240ff5efc90aa2d3253e2913c78f1d3df8aa2b223
SHA512

40c74bea15de524191d375ddaf66253f7871796d68c836ade25791a0e46a60cf3eb9659f69734e168a76bb29654766ec0ef47db981b35728416a253b874df6b6
SSDEEP

12288:2UBkXyZJao6faEIdhlb1rR7d7ioHTLIlgpAGxS:2AkIIyhlbNFdWoHPIws

Score

7^/10

Malware Config

Targets

- Target
  
  f854fa12f7169800382bd8f368db4631_JaffaCakes118
- Size
  
  506KB
- MD5
  
  f854fa12f7169800382bd8f368db4631
- SHA1
  
  6d8a0d0f51e7eae50c0dfef1c774ffeb2c743540
- SHA256
  
  5ccca889b91918e57eaca60240ff5efc90aa2d3253e2913c78f1d3df8aa2b223
- SHA512
  
  40c74bea15de524191d375ddaf66253f7871796d68c836ade25791a0e46a60cf3eb9659f69734e168a76bb29654766ec0ef47db981b35728416a253b874df6b6
- SSDEEP
  
  12288:2UBkXyZJao6faEIdhlb1rR7d7ioHTLIlgpAGxS:2AkIIyhlbNFdWoHPIws
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2