a4fcba21580b08cac8b4bc444a5e7907d08319910c016667877d8b76724d2010 | Triage

Sharing

General

Target

68e621478266bd32cb94e412553345f6_JaffaCakes118
Size

703KB
Sample

240522-2rf8psca27
MD5

68e621478266bd32cb94e412553345f6
SHA1

9704c3a436aae573281bd4c5ef4f398b84e9b4d3
SHA256

a4fcba21580b08cac8b4bc444a5e7907d08319910c016667877d8b76724d2010
SHA512

27e1f8a74b5a48b8ed395bd9ad927ba2afd51d75e3aee98897c56b8630bbe9d9e2d0aa6ffd4a1dd327291501e3cae93764d680831fc60a8245004342bddfb109
SSDEEP

12288:nviyjlMsGhLqVjJ/gaTbiO/7hlS85TMalRU24LJgyo/30pFfhdC24Wj:vYLqv/gaTbisSqrQL6yoQfhdC24Wj

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  68e621478266bd32cb94e412553345f6_JaffaCakes118
- Size
  
  703KB
- MD5
  
  68e621478266bd32cb94e412553345f6
- SHA1
  
  9704c3a436aae573281bd4c5ef4f398b84e9b4d3
- SHA256
  
  a4fcba21580b08cac8b4bc444a5e7907d08319910c016667877d8b76724d2010
- SHA512
  
  27e1f8a74b5a48b8ed395bd9ad927ba2afd51d75e3aee98897c56b8630bbe9d9e2d0aa6ffd4a1dd327291501e3cae93764d680831fc60a8245004342bddfb109
- SSDEEP
  
  12288:nviyjlMsGhLqVjJ/gaTbiO/7hlS85TMalRU24LJgyo/30pFfhdC24Wj:vYLqv/gaTbisSqrQL6yoQfhdC24Wj
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

evasionpersistencetrojan