3961f60f8b78e32b0ea6437a329ba4f304ab3252ea0847ad9901fa2516278a39 | Triage

Sharing

General

Target

04ef4c10462ba96998c8346c10209f29_JaffaCakes118
Size

870KB
Sample

240428-lz1pbadd2t
MD5

04ef4c10462ba96998c8346c10209f29
SHA1

273e828c679261fd6d5888119c21d9ae16b0af73
SHA256

3961f60f8b78e32b0ea6437a329ba4f304ab3252ea0847ad9901fa2516278a39
SHA512

5b378c0dacbaddc87fdbeab34ca16e6ba9d6e800ad58f78f26fd046ba209222663eb17298b9bc347b8ab6a4a896481035511e07d4e3dc2398a38731969c7d803
SSDEEP

12288:Rx1VY4XGMfzF2vpRw3LzNgry77oyoQxT5Rpo1UJlA+Wb/KR7SvgWjctzXHhNnfX/:dmyWv277lxTJPJlAdrs7dtIYP

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  04ef4c10462ba96998c8346c10209f29_JaffaCakes118
- Size
  
  870KB
- MD5
  
  04ef4c10462ba96998c8346c10209f29
- SHA1
  
  273e828c679261fd6d5888119c21d9ae16b0af73
- SHA256
  
  3961f60f8b78e32b0ea6437a329ba4f304ab3252ea0847ad9901fa2516278a39
- SHA512
  
  5b378c0dacbaddc87fdbeab34ca16e6ba9d6e800ad58f78f26fd046ba209222663eb17298b9bc347b8ab6a4a896481035511e07d4e3dc2398a38731969c7d803
- SSDEEP
  
  12288:Rx1VY4XGMfzF2vpRw3LzNgry77oyoQxT5Rpo1UJlA+Wb/KR7SvgWjctzXHhNnfX/:dmyWv277lxTJPJlAdrs7dtIYP
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2