General

  • Target

    029f80ed204a2586fa3294a45911f978_JaffaCakes118

  • Size

    168KB

  • Sample

    240427-g5qdbade7y

  • MD5

    029f80ed204a2586fa3294a45911f978

  • SHA1

    3a413fe4ef416bb222467962225d2c7072b62a86

  • SHA256

    64a8295fa9d8080ac894f3d5f40993b502fdb5887bdbbe7a1d98163026506ef5

  • SHA512

    2c58ac58b14440c332f2ea479f93f3d3eedcd1a396320378acef7d57919649efe62c3d3a64c6606dd84ae91c792392e993dc30feeaaec762a8f763144d012b4b

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9w0:5SeOQdaZNxtk8cqhSxvHY9

Malware Config

Targets

    • Target

      029f80ed204a2586fa3294a45911f978_JaffaCakes118

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter, T1059 (1)

    • AppleScript, T1059.002 (1)

  • System Services, T1569 (1)

    • Launchctl, T1569.001 (1)

Persistence

  • Create or Modify System Process, T1543 (2)

    • Launch Agent, T1543.001 (1)

    • Launch Daemon, T1543.004 (1)

Privilege Escalation

  • Create or Modify System Process, T1543 (2)

    • Launch Agent, T1543.001 (1)

    • Launch Daemon, T1543.004 (1)

Defense Evasion

  • Hide Artifacts, T1564 (1)

    • Resource Forking, T1564.009 (1)

Tasks