06b6c84ebcba9a422c5d10de4ef064ab28af961bc149b84ffd2b85a14fd30980 | Triage

Sharing

General

Target

f9faa48c0d8677b4c9470a26929e9b63_JaffaCakes118
Size

1012KB
Sample

240419-k5yw8sde26
MD5

f9faa48c0d8677b4c9470a26929e9b63
SHA1

c3e7f6c7f5ac9f56e9b6a0d2d9071ad3f3ec953d
SHA256

06b6c84ebcba9a422c5d10de4ef064ab28af961bc149b84ffd2b85a14fd30980
SHA512

60d2654f74d1d1ca052a0e3052f94fcb0c9b7c25bf26098527c7e590ecc6d7348b8886afb2ab0a30c1781ff05fb5299f4627b5c0490d4fa9bc03d3d5c0a65f50
SSDEEP

12288:RnEpYUInHoDL8j8H4CrFohU9VJsU12Ycx9VECaBwQ2tb5JLrnylUPqt0gHDS7eyC:fUIHoH/rb77Hca1B+5vMiqt0gj2eR

Score

7^/10

Malware Config

Targets

- Target
  
  f9faa48c0d8677b4c9470a26929e9b63_JaffaCakes118
- Size
  
  1012KB
- MD5
  
  f9faa48c0d8677b4c9470a26929e9b63
- SHA1
  
  c3e7f6c7f5ac9f56e9b6a0d2d9071ad3f3ec953d
- SHA256
  
  06b6c84ebcba9a422c5d10de4ef064ab28af961bc149b84ffd2b85a14fd30980
- SHA512
  
  60d2654f74d1d1ca052a0e3052f94fcb0c9b7c25bf26098527c7e590ecc6d7348b8886afb2ab0a30c1781ff05fb5299f4627b5c0490d4fa9bc03d3d5c0a65f50
- SSDEEP
  
  12288:RnEpYUInHoDL8j8H4CrFohU9VJsU12Ycx9VECaBwQ2tb5JLrnylUPqt0gHDS7eyC:fUIHoH/rb77Hca1B+5vMiqt0gj2eR
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2