e59275bc7c7d0762c20b293a9117b70ed775139ec0cd4f8d42c3f94e072ee501 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa6c8a6409f99df0a79bbe491f32b8d1_JaffaCakes118
Size

115KB
Sample

240419-qzt9radg84
MD5

fa6c8a6409f99df0a79bbe491f32b8d1
SHA1

b9454a430d1910a26bda663692602179a10a8cda
SHA256

e59275bc7c7d0762c20b293a9117b70ed775139ec0cd4f8d42c3f94e072ee501
SHA512

f21ca8a569fcf493e416c9b0ac08566b06aca97d255e931d500f4ee357d8eeedd1600366615c379636deaf6b2a7b1800c2373592cfa1ebb93e09ecbe4147e142
SSDEEP

3072:3JSyY9speOtZh5y8uXvg4L3ciaxZuchKzIONOozv4iYdPH2P:3kyY9geOThM8gz7ciaxBK0OnzvRYpWP

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  fa6c8a6409f99df0a79bbe491f32b8d1_JaffaCakes118
- Size
  
  115KB
- MD5
  
  fa6c8a6409f99df0a79bbe491f32b8d1
- SHA1
  
  b9454a430d1910a26bda663692602179a10a8cda
- SHA256
  
  e59275bc7c7d0762c20b293a9117b70ed775139ec0cd4f8d42c3f94e072ee501
- SHA512
  
  f21ca8a569fcf493e416c9b0ac08566b06aca97d255e931d500f4ee357d8eeedd1600366615c379636deaf6b2a7b1800c2373592cfa1ebb93e09ecbe4147e142
- SSDEEP
  
  3072:3JSyY9speOtZh5y8uXvg4L3ciaxZuchKzIONOozv4iYdPH2P:3kyY9geOThM8gz7ciaxBK0OnzvRYpWP
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence