5384c1449aaed9160bf2aa3a95fed461e0c5f8eed155ea682c850af84caabe82 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe563fa0d861b1dc03019a819ae7323f_JaffaCakes118
Size

1000KB
Sample

240421-d62k7aaa52
MD5

fe563fa0d861b1dc03019a819ae7323f
SHA1

3a42dcf46fe0401dd179168444f519199abc189c
SHA256

5384c1449aaed9160bf2aa3a95fed461e0c5f8eed155ea682c850af84caabe82
SHA512

0e632207dff90db2eca7152a3a10ce547ec016cbf5665cdf11597902543a7f6006a6ee506d92779df2d1e7e5c5354856812201e6e2f029b6c724432b928158e2
SSDEEP

24576:jHe8+bl52pBmHSOpZDlZcKk3gJoUVa+GLDuMOFjd1B+5vMiqt0gj2ed:jEbSSHSA8/MqOL

Score

7^/10

Malware Config

Targets

- Target
  
  fe563fa0d861b1dc03019a819ae7323f_JaffaCakes118
- Size
  
  1000KB
- MD5
  
  fe563fa0d861b1dc03019a819ae7323f
- SHA1
  
  3a42dcf46fe0401dd179168444f519199abc189c
- SHA256
  
  5384c1449aaed9160bf2aa3a95fed461e0c5f8eed155ea682c850af84caabe82
- SHA512
  
  0e632207dff90db2eca7152a3a10ce547ec016cbf5665cdf11597902543a7f6006a6ee506d92779df2d1e7e5c5354856812201e6e2f029b6c724432b928158e2
- SSDEEP
  
  24576:jHe8+bl52pBmHSOpZDlZcKk3gJoUVa+GLDuMOFjd1B+5vMiqt0gj2ed:jEbSSHSA8/MqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2