b9848db860274c4a81c5c3c557d5cd879b4f178017def7bc36f90865251432e7 | Triage

Sharing

General

Target

89d3eac86faef84e0a7f65240c9d86d3_JaffaCakes118
Size

274KB
Sample

240601-jy32yaeh3z
MD5

89d3eac86faef84e0a7f65240c9d86d3
SHA1

e87c8e8d6e73071cb04b87ea9b83ce917273ea6e
SHA256

b9848db860274c4a81c5c3c557d5cd879b4f178017def7bc36f90865251432e7
SHA512

b714e1c2e2a7a2fd7f2cda0643bdb1930d3af20aa5acfaf8762a88436fba006fb2d4596b8b55ec90b82048f6fa1eb01fea3b0941251325d0badfaf725d8a2593
SSDEEP

3072:ACMXA3meKbSsqtqvEAG+IGpKg8IHQago8KHh/cnUtAOicom/8T914G7gQ23XAF:ACMXlbgG4IHQQ5h/0Uql48T0G7PKQ

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  89d3eac86faef84e0a7f65240c9d86d3_JaffaCakes118
- Size
  
  274KB
- MD5
  
  89d3eac86faef84e0a7f65240c9d86d3
- SHA1
  
  e87c8e8d6e73071cb04b87ea9b83ce917273ea6e
- SHA256
  
  b9848db860274c4a81c5c3c557d5cd879b4f178017def7bc36f90865251432e7
- SHA512
  
  b714e1c2e2a7a2fd7f2cda0643bdb1930d3af20aa5acfaf8762a88436fba006fb2d4596b8b55ec90b82048f6fa1eb01fea3b0941251325d0badfaf725d8a2593
- SSDEEP
  
  3072:ACMXA3meKbSsqtqvEAG+IGpKg8IHQago8KHh/cnUtAOicom/8T914G7gQ23XAF:ACMXlbgG4IHQQ5h/0Uql48T0G7PKQ
Score

9^/10

evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence