4a8bf464917adb44deef3ca62c9dfd4a0b2ec778294da403e1ca8416ad5834e2 | Triage

Sharing

General

Target

6a20c674c0c9baecec19169e61b26986_JaffaCakes118
Size

703KB
Sample

240523-hw9k9sha54
MD5

6a20c674c0c9baecec19169e61b26986
SHA1

8ec5fe64910ddcaff9d9cbddc66b56fb4ba62cce
SHA256

4a8bf464917adb44deef3ca62c9dfd4a0b2ec778294da403e1ca8416ad5834e2
SHA512

2325c7698cfdc76bfee61a22a6c9c9fcb2ae62005768f874172e3f76fa9f0ece8be3ff87206767b36169fc29cd32d361ec8e458deece6d26d664d6d78b1cb871
SSDEEP

12288:YviyjlMsGhLqVjJ/gaTbiO/7hlS85TMalRU24LJgyo/30pFfhdC24W2:cYLqv/gaTbisSqrQL6yoQfhdC24W2

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  6a20c674c0c9baecec19169e61b26986_JaffaCakes118
- Size
  
  703KB
- MD5
  
  6a20c674c0c9baecec19169e61b26986
- SHA1
  
  8ec5fe64910ddcaff9d9cbddc66b56fb4ba62cce
- SHA256
  
  4a8bf464917adb44deef3ca62c9dfd4a0b2ec778294da403e1ca8416ad5834e2
- SHA512
  
  2325c7698cfdc76bfee61a22a6c9c9fcb2ae62005768f874172e3f76fa9f0ece8be3ff87206767b36169fc29cd32d361ec8e458deece6d26d664d6d78b1cb871
- SSDEEP
  
  12288:YviyjlMsGhLqVjJ/gaTbiO/7hlS85TMalRU24LJgyo/30pFfhdC24W2:cYLqv/gaTbisSqrQL6yoQfhdC24W2
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

evasionpersistencetrojan