7816d2f990354a87bb997ad32bb767cb8bbfff4e0510d17d8807e1b71f2ba076 | Triage

Sharing

General

Target

a4e4ef8976634eb52dfb140c859dbe7b_JaffaCakes118
Size

970KB
Sample

240613-lnazhsxcmm
MD5

a4e4ef8976634eb52dfb140c859dbe7b
SHA1

6c6d7843fd53eaca956a7c6e74f908b7c8975d0e
SHA256

7816d2f990354a87bb997ad32bb767cb8bbfff4e0510d17d8807e1b71f2ba076
SHA512

22f8870442fa5bd0d282929d68f0d71ac6f81b454f2e099b6ab1b2f2528ab55719c0e9f6e350d2823706cc68226d86e0fa5e359ae004b0cfbf28901508981cd9
SSDEEP

12288:ut/Yfj0K8vDi8PlAVhzb4Ns6LsysMnCLlmGA1KA8tJOKpW+alXQ6sq42Do:usIjG8ajn4SbyFnwBMfYfpBalA78o

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  a4e4ef8976634eb52dfb140c859dbe7b_JaffaCakes118
- Size
  
  970KB
- MD5
  
  a4e4ef8976634eb52dfb140c859dbe7b
- SHA1
  
  6c6d7843fd53eaca956a7c6e74f908b7c8975d0e
- SHA256
  
  7816d2f990354a87bb997ad32bb767cb8bbfff4e0510d17d8807e1b71f2ba076
- SHA512
  
  22f8870442fa5bd0d282929d68f0d71ac6f81b454f2e099b6ab1b2f2528ab55719c0e9f6e350d2823706cc68226d86e0fa5e359ae004b0cfbf28901508981cd9
- SSDEEP
  
  12288:ut/Yfj0K8vDi8PlAVhzb4Ns6LsysMnCLlmGA1KA8tJOKpW+alXQ6sq42Do:usIjG8ajn4SbyFnwBMfYfpBalA78o
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

evasionpersistencetrojan