8bfb4e8595242b3c3b873cf6ae64bacf50fbd1dc51ada4fc2f5d942a493cc062 | Triage

Sharing

General

Target

387ef3af3355a4bf76771ec81b9ec877_JaffaCakes118
Size

799KB
Sample

240512-f65zqaag7v
MD5

387ef3af3355a4bf76771ec81b9ec877
SHA1

0cdeb28ee135f8113dcf57df49514757261bcb8c
SHA256

8bfb4e8595242b3c3b873cf6ae64bacf50fbd1dc51ada4fc2f5d942a493cc062
SHA512

87bd242b29f1b528b501dcfa651c7aa3d818afc45ef38f1fb20a7d205ae1c1ee8f182ae7ebd30b7a2e161e82f32fc4deab99f43db4ddcb5c42fdff44c52b369d
SSDEEP

12288:FtFkAuhGpQuDPmtXsVrfYjM3ids2z0sJRxmwJAxwUNS2zjJ6AQIp8:F3BuAg2+FJRxmJVM2z4AQIp8

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  387ef3af3355a4bf76771ec81b9ec877_JaffaCakes118
- Size
  
  799KB
- MD5
  
  387ef3af3355a4bf76771ec81b9ec877
- SHA1
  
  0cdeb28ee135f8113dcf57df49514757261bcb8c
- SHA256
  
  8bfb4e8595242b3c3b873cf6ae64bacf50fbd1dc51ada4fc2f5d942a493cc062
- SHA512
  
  87bd242b29f1b528b501dcfa651c7aa3d818afc45ef38f1fb20a7d205ae1c1ee8f182ae7ebd30b7a2e161e82f32fc4deab99f43db4ddcb5c42fdff44c52b369d
- SSDEEP
  
  12288:FtFkAuhGpQuDPmtXsVrfYjM3ids2z0sJRxmwJAxwUNS2zjJ6AQIp8:F3BuAg2+FJRxmJVM2z4AQIp8
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

evasionpersistencetrojan