Overview

overview

10

Static

static

10

01967b2228...kes118

macos-10.15-amd64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01967b222873966c32a1c26f66c9808b_JaffaCakes118

  • Size

    168KB

  • Sample

    240426-y471eabd73

  • MD5

    01967b222873966c32a1c26f66c9808b

  • SHA1

    7b7e645142e2a95dab09b7ff3a807f3448e06671

  • SHA256

    0404e354f51690d92b4910f43668a6c6e08ad3e1a6df8bf2f8d02bfed743c751

  • SHA512

    924ffcd3e194666f51f3fd8caa142f14608d0c4e3f87b0baccce628f38016a418f2e4063f62fc80e891efd15a981d72e4db40477d2b6e71ddfd403ebcd8e9f12

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9f0:5SeOQdaZNxtk8cqhSxvHY9

Score
10/10
evilquestexecutionmacospersistence

Malware Config

Targets

    • Target

      01967b222873966c32a1c26f66c9808b_JaffaCakes118

    • Size

      168KB

    • MD5

      01967b222873966c32a1c26f66c9808b

    • SHA1

      7b7e645142e2a95dab09b7ff3a807f3448e06671

    • SHA256

      0404e354f51690d92b4910f43668a6c6e08ad3e1a6df8bf2f8d02bfed743c751

    • SHA512

      924ffcd3e194666f51f3fd8caa142f14608d0c4e3f87b0baccce628f38016a418f2e4063f62fc80e891efd15a981d72e4db40477d2b6e71ddfd403ebcd8e9f12

    • SSDEEP

      3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9f0:5SeOQdaZNxtk8cqhSxvHY9

    Score
    5/10
    executionpersistence

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

      persistence

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

AppleScript

1
T1059.002

System Services

1
T1569

Launchctl

1
T1569.001

Persistence

Create or Modify System Process

2
T1543

Launch Agent

1
T1543.001

Launch Daemon

1
T1543.004

Privilege Escalation

Create or Modify System Process

2
T1543

Launch Agent

1
T1543.001

Launch Daemon

1
T1543.004

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks