e2fb246070404a9e7f9a42bc88f3429ee9f7bc4470c4ac939db46be21e165287 | Triage

Sharing

General

Target

37141d21044b40a776c51cdc13b86899_JaffaCakes118
Size

73KB
Sample

240511-3b1g3sdg2w
MD5

37141d21044b40a776c51cdc13b86899
SHA1

8f987d9c56e12e6641754115cb0d65d6c34e69c6
SHA256

e2fb246070404a9e7f9a42bc88f3429ee9f7bc4470c4ac939db46be21e165287
SHA512

2cb85962acafa8d0ce385917b425f5ede4ab503d1224073aae783e57b5eab3589bd423b47e1c6d7f689c5cce0bf791de84d897fb95ecf64ffd59f30758b4fdcc
SSDEEP

1536:d8cQPMz4GlHNvQYviFSD17fdN85bxYYhVfGAGnNUHORWR:6cQPM8GdNv6ERYLN7SNEKWR

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  37141d21044b40a776c51cdc13b86899_JaffaCakes118
- Size
  
  73KB
- MD5
  
  37141d21044b40a776c51cdc13b86899
- SHA1
  
  8f987d9c56e12e6641754115cb0d65d6c34e69c6
- SHA256
  
  e2fb246070404a9e7f9a42bc88f3429ee9f7bc4470c4ac939db46be21e165287
- SHA512
  
  2cb85962acafa8d0ce385917b425f5ede4ab503d1224073aae783e57b5eab3589bd423b47e1c6d7f689c5cce0bf791de84d897fb95ecf64ffd59f30758b4fdcc
- SSDEEP
  
  1536:d8cQPMz4GlHNvQYviFSD17fdN85bxYYhVfGAGnNUHORWR:6cQPM8GdNv6ERYLN7SNEKWR
Score

8^/10

execution persistence
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

executionpersistence