045448051dfb505e15fe52f0a881ce3cf2a80fc70ef84a1fc03be82c4cfb7e0c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9860ea70d7aa3c5c3dbc97e6ec76a699_JaffaCakes118
Size

32KB
Sample

240605-rlb2paac79
MD5

9860ea70d7aa3c5c3dbc97e6ec76a699
SHA1

73ad83515fdb773ec040233cfc534c46a7ee1a30
SHA256

045448051dfb505e15fe52f0a881ce3cf2a80fc70ef84a1fc03be82c4cfb7e0c
SHA512

e8deaeedcb28d817fcfee82ddd4fb69fb1e852abb3f615d1d5490163387e6d2549453a904dc8f0dda3c3e3c2bc64601d00e6497583100b55832298d61d0ec2b9
SSDEEP

768:Zf9wt5Zrw/0zDb3wbHwEiww3ccrfLz2r:0ukHg8rww3cafP2r

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  9860ea70d7aa3c5c3dbc97e6ec76a699_JaffaCakes118
- Size
  
  32KB
- MD5
  
  9860ea70d7aa3c5c3dbc97e6ec76a699
- SHA1
  
  73ad83515fdb773ec040233cfc534c46a7ee1a30
- SHA256
  
  045448051dfb505e15fe52f0a881ce3cf2a80fc70ef84a1fc03be82c4cfb7e0c
- SHA512
  
  e8deaeedcb28d817fcfee82ddd4fb69fb1e852abb3f615d1d5490163387e6d2549453a904dc8f0dda3c3e3c2bc64601d00e6497583100b55832298d61d0ec2b9
- SSDEEP
  
  768:Zf9wt5Zrw/0zDb3wbHwEiww3ccrfLz2r:0ukHg8rww3cafP2r
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence