cea524db73667eda58817ccc06f38b3ab6e577fd18cf106cc19271f613f0c05f | Triage

Sharing

General

Target

fc1bc08b2798b716bf2360166792623b_JaffaCakes118
Size

325KB
Sample

240420-gy48wsad48
MD5

fc1bc08b2798b716bf2360166792623b
SHA1

6dd40b763d93bfc5a900ede3a340865334079072
SHA256

cea524db73667eda58817ccc06f38b3ab6e577fd18cf106cc19271f613f0c05f
SHA512

2bbd311f3f1dd3e51c91e365490024e54076170b62e1c8afc07a4d6d260cfa03c970a88b18290935ec655c197db3c7b41573facaf2f06ef88bd30a9bf3427da3
SSDEEP

6144:mmNkIocFyEAzinPeGwRIO/Zqy3CuA5GpYoaikwvQ3RO4qtu3:vEuPeGwRT/A7uA3FwG

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  fc1bc08b2798b716bf2360166792623b_JaffaCakes118
- Size
  
  325KB
- MD5
  
  fc1bc08b2798b716bf2360166792623b
- SHA1
  
  6dd40b763d93bfc5a900ede3a340865334079072
- SHA256
  
  cea524db73667eda58817ccc06f38b3ab6e577fd18cf106cc19271f613f0c05f
- SHA512
  
  2bbd311f3f1dd3e51c91e365490024e54076170b62e1c8afc07a4d6d260cfa03c970a88b18290935ec655c197db3c7b41573facaf2f06ef88bd30a9bf3427da3
- SSDEEP
  
  6144:mmNkIocFyEAzinPeGwRIO/Zqy3CuA5GpYoaikwvQ3RO4qtu3:vEuPeGwRT/A7uA3FwG
Score

8^/10

evasion persistence
- Disables taskbar notifications via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2