f4ab1818af8ebd8e5b6763243fefa96c86db69c62f00cb564198ff6149a4e10b | Triage

Sharing

General

Target

63f020fdd37d5fbbd716dc5e43d8dbae_JaffaCakes118
Size

496KB
Sample

240521-ttgy1sbf8x
MD5

63f020fdd37d5fbbd716dc5e43d8dbae
SHA1

1fb907f9202dee3b00adfe43f41dc4772d8572d1
SHA256

f4ab1818af8ebd8e5b6763243fefa96c86db69c62f00cb564198ff6149a4e10b
SHA512

5af616252f2a6fd1db1d84804725ad90ec28ae113ee2f5c10d5c6529a10a119f45a10621c93df3f10497d014c2e9a2474e551cfd2080bbd16ecc74a97d11ef31
SSDEEP

12288:545fonA3GvLnRJAGhfXt+bulIzxbss7fLOR:5A+rFXtMXGzR

Score

7^/10

Malware Config

Targets

- Target
  
  63f020fdd37d5fbbd716dc5e43d8dbae_JaffaCakes118
- Size
  
  496KB
- MD5
  
  63f020fdd37d5fbbd716dc5e43d8dbae
- SHA1
  
  1fb907f9202dee3b00adfe43f41dc4772d8572d1
- SHA256
  
  f4ab1818af8ebd8e5b6763243fefa96c86db69c62f00cb564198ff6149a4e10b
- SHA512
  
  5af616252f2a6fd1db1d84804725ad90ec28ae113ee2f5c10d5c6529a10a119f45a10621c93df3f10497d014c2e9a2474e551cfd2080bbd16ecc74a97d11ef31
- SSDEEP
  
  12288:545fonA3GvLnRJAGhfXt+bulIzxbss7fLOR:5A+rFXtMXGzR
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2