2657b39661efb1b3fb0cc5fbf2328183bd65b8d1e4d69a085b3088993a7f6e29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f88dc792c27a883f781a03991ca51e53_JaffaCakes118
Size

506KB
Sample

240418-xknxradb2y
MD5

f88dc792c27a883f781a03991ca51e53
SHA1

c0d031e7fa7d7c143a737953411c86ce4d6c9424
SHA256

2657b39661efb1b3fb0cc5fbf2328183bd65b8d1e4d69a085b3088993a7f6e29
SHA512

fc5baa654c4c5097407a16503e25e606644c218af2f64d0d3772dc0e93908ce3f19061083d64814038742e2ae0081f8a01d6718711473ab4f39f9165e15e188b
SSDEEP

12288:AcSDQEbrHbxiHbMJw+nexcsOpC14BQr1nSInFDbu7H47so9+:AcIQ6bw7MpS3//Bi7HE7Q

Score

7^/10

Malware Config

Targets

- Target
  
  f88dc792c27a883f781a03991ca51e53_JaffaCakes118
- Size
  
  506KB
- MD5
  
  f88dc792c27a883f781a03991ca51e53
- SHA1
  
  c0d031e7fa7d7c143a737953411c86ce4d6c9424
- SHA256
  
  2657b39661efb1b3fb0cc5fbf2328183bd65b8d1e4d69a085b3088993a7f6e29
- SHA512
  
  fc5baa654c4c5097407a16503e25e606644c218af2f64d0d3772dc0e93908ce3f19061083d64814038742e2ae0081f8a01d6718711473ab4f39f9165e15e188b
- SSDEEP
  
  12288:AcSDQEbrHbxiHbMJw+nexcsOpC14BQr1nSInFDbu7H47so9+:AcIQ6bw7MpS3//Bi7HE7Q
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2