572021fdac883f348011afdeb1e09eabdf804c1153cfb44eb828dce4cf86c910 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2468244fc39494e35606f5e7338c762d_JaffaCakes118
Size

9KB
Sample

240508-mfp9xafg6w
MD5

2468244fc39494e35606f5e7338c762d
SHA1

dac59f996d676d80abb579dd6fb90bfbab5af01a
SHA256

572021fdac883f348011afdeb1e09eabdf804c1153cfb44eb828dce4cf86c910
SHA512

f5422d13596dbb2ea7d2412c9d7ee9bd75f21c7f7c1d4b0436f6ec6ac56423847e16ed0875adc3d499a52743c9b353305af0d3236b9c83b38e509fd16a932493
SSDEEP

48:m+tXaGkEgNMhlkGffffffffhffffffffffffkfxfUfVQbDSj3xM7fJLvIu9kJHDZ:mWaG3soWtLA9OgevMVyRmv

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://bit.ly/2R9G0dd

Targets

- Target
  
  2468244fc39494e35606f5e7338c762d_JaffaCakes118
- Size
  
  9KB
- MD5
  
  2468244fc39494e35606f5e7338c762d
- SHA1
  
  dac59f996d676d80abb579dd6fb90bfbab5af01a
- SHA256
  
  572021fdac883f348011afdeb1e09eabdf804c1153cfb44eb828dce4cf86c910
- SHA512
  
  f5422d13596dbb2ea7d2412c9d7ee9bd75f21c7f7c1d4b0436f6ec6ac56423847e16ed0875adc3d499a52743c9b353305af0d3236b9c83b38e509fd16a932493
- SSDEEP
  
  48:m+tXaGkEgNMhlkGffffffffhffffffffffffkfxfUfVQbDSj3xM7fJLvIu9kJHDZ:mWaG3soWtLA9OgevMVyRmv
Score

10^/10

evasion trojan
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2