326eef0967eb1591dcebf7298b63fb0f88b81eafabb65f3abe3c193504a50599 | Triage

Sharing

General

Target

031a143c4571afc78b1bcc0d7a13f238_JaffaCakes118
Size

815KB
Sample

240427-m4at5ahb42
MD5

031a143c4571afc78b1bcc0d7a13f238
SHA1

cb0a39662412de6292496f4a36741e9f039b0f72
SHA256

326eef0967eb1591dcebf7298b63fb0f88b81eafabb65f3abe3c193504a50599
SHA512

9fd17faddea8aa27a23457eb9149eafa49d17ded3063d90c92a6995e3ebd44ddea9e63247db907fbee1e8742a65fc7351177c4aceb60f6c657e17ce82755bf16
SSDEEP

24576:/zcVCgb5WSMYOVRbF8EYHBVomdSlxGQ7i/UbA5LEwkL:/WCWWlVRbrYDAl7ikAyL

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  031a143c4571afc78b1bcc0d7a13f238_JaffaCakes118
- Size
  
  815KB
- MD5
  
  031a143c4571afc78b1bcc0d7a13f238
- SHA1
  
  cb0a39662412de6292496f4a36741e9f039b0f72
- SHA256
  
  326eef0967eb1591dcebf7298b63fb0f88b81eafabb65f3abe3c193504a50599
- SHA512
  
  9fd17faddea8aa27a23457eb9149eafa49d17ded3063d90c92a6995e3ebd44ddea9e63247db907fbee1e8742a65fc7351177c4aceb60f6c657e17ce82755bf16
- SSDEEP
  
  24576:/zcVCgb5WSMYOVRbF8EYHBVomdSlxGQ7i/UbA5LEwkL:/WCWWlVRbrYDAl7ikAyL
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasionpersistencetrojan