7eb78d128795a818f8e81f146a133965b6297acbd7c2a92493f3891164e9d453 | Triage

Sharing

General

Target

fc4cb02afc7e18fcbe77f8107d8e7c20_JaffaCakes118
Size

506KB
Sample

240420-jx6fnscb49
MD5

fc4cb02afc7e18fcbe77f8107d8e7c20
SHA1

26f2a35b8c87f4d08e7ef08636e6a72df7fe7265
SHA256

7eb78d128795a818f8e81f146a133965b6297acbd7c2a92493f3891164e9d453
SHA512

117f17f9038b08b41207c7e1684759f29de2ec4f77029c6281e4d25264e3945c593eba060ba605c41d67fc4914195d3d2bd9c4c08ca5629e595b21a9ab5135f2
SSDEEP

12288:DX1YZFh7Ha11XnTbqBBKSp5zZSim++hqFLh:DXKWXTWXKU6im3hq/

Score

7^/10

Malware Config

Targets

- Target
  
  fc4cb02afc7e18fcbe77f8107d8e7c20_JaffaCakes118
- Size
  
  506KB
- MD5
  
  fc4cb02afc7e18fcbe77f8107d8e7c20
- SHA1
  
  26f2a35b8c87f4d08e7ef08636e6a72df7fe7265
- SHA256
  
  7eb78d128795a818f8e81f146a133965b6297acbd7c2a92493f3891164e9d453
- SHA512
  
  117f17f9038b08b41207c7e1684759f29de2ec4f77029c6281e4d25264e3945c593eba060ba605c41d67fc4914195d3d2bd9c4c08ca5629e595b21a9ab5135f2
- SSDEEP
  
  12288:DX1YZFh7Ha11XnTbqBBKSp5zZSim++hqFLh:DXKWXTWXKU6im3hq/
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2