633da75617d3138d9574e8ea51d2dfc1c9128459513cc639069c2cff18a97d49 | Triage

Sharing

General

Target

fec121c485383810ffc03b9c20ee6d79_JaffaCakes118
Size

506KB
Sample

240421-h73bbsea67
MD5

fec121c485383810ffc03b9c20ee6d79
SHA1

941a09b0d54c60565e600484ca165788b7a20d8a
SHA256

633da75617d3138d9574e8ea51d2dfc1c9128459513cc639069c2cff18a97d49
SHA512

bdc6c1efc745fe5c6efd8b4c08c0dee159ad19bcd6b329aea4c677f8a82246a7f58cb75aea7be2f8a2939d0d8bee30bf2db5e6b6aa8f51b1a1defb9230ae1b78
SSDEEP

12288:NIUSnnX7K5GI73Yn5jO9YeazpUy4kY/2LJ4RCeHiG9:NIdnrWG0YjO9YeqJOCGiG9

Score

7^/10

Malware Config

Targets

- Target
  
  fec121c485383810ffc03b9c20ee6d79_JaffaCakes118
- Size
  
  506KB
- MD5
  
  fec121c485383810ffc03b9c20ee6d79
- SHA1
  
  941a09b0d54c60565e600484ca165788b7a20d8a
- SHA256
  
  633da75617d3138d9574e8ea51d2dfc1c9128459513cc639069c2cff18a97d49
- SHA512
  
  bdc6c1efc745fe5c6efd8b4c08c0dee159ad19bcd6b329aea4c677f8a82246a7f58cb75aea7be2f8a2939d0d8bee30bf2db5e6b6aa8f51b1a1defb9230ae1b78
- SSDEEP
  
  12288:NIUSnnX7K5GI73Yn5jO9YeazpUy4kY/2LJ4RCeHiG9:NIdnrWG0YjO9YeqJOCGiG9
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2