587cf8ca5116086d57611f639e73ec447a9f363142b13018eac036a5d2158b1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa36c02517c2988a3349ed7e0856585c_JaffaCakes118
Size

100KB
Sample

240419-nrfehsbe3z
MD5

fa36c02517c2988a3349ed7e0856585c
SHA1

723a496ad565b92755d60f8c5d221381ecaab7d2
SHA256

587cf8ca5116086d57611f639e73ec447a9f363142b13018eac036a5d2158b1d
SHA512

e95d4ef02f92f2c9d0ed0393c490054e0d525a24d2557c9e8fdc732c04680e49897ce71c14f71e9423f7d0369bef44fc4b045891c1e6f15e5137937a1968b034
SSDEEP

3072:b76PLZc4uQx0RFW0awox+MSSdyKIktklIo+/d:/6PLZcPQP0q0nSQBktkeo+V

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  fa36c02517c2988a3349ed7e0856585c_JaffaCakes118
- Size
  
  100KB
- MD5
  
  fa36c02517c2988a3349ed7e0856585c
- SHA1
  
  723a496ad565b92755d60f8c5d221381ecaab7d2
- SHA256
  
  587cf8ca5116086d57611f639e73ec447a9f363142b13018eac036a5d2158b1d
- SHA512
  
  e95d4ef02f92f2c9d0ed0393c490054e0d525a24d2557c9e8fdc732c04680e49897ce71c14f71e9423f7d0369bef44fc4b045891c1e6f15e5137937a1968b034
- SSDEEP
  
  3072:b76PLZc4uQx0RFW0awox+MSSdyKIktklIo+/d:/6PLZcPQP0q0nSQBktkeo+V
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2