621271ab14ecddcf2e2661f5ab4e1bea00ea25533d081f9a640980436e57958d | Triage

Sharing

General

Target

a56b7d59520f0821257d21ee8215f62a_JaffaCakes118
Size

823KB
Sample

240613-n5kamaxfnc
MD5

a56b7d59520f0821257d21ee8215f62a
SHA1

ca68fa31d88e32d4171cb381553844320b037d77
SHA256

621271ab14ecddcf2e2661f5ab4e1bea00ea25533d081f9a640980436e57958d
SHA512

1a1507031df51ebfec8719b81470b6de7b8baaf04fbde3f224a75cca6fde2193b47c082d4290e56365ae4947f19f54ec98817e7ddf7fae154834616a52e18d46
SSDEEP

24576:9PEbsQUQ1yfX9NF2OACZAYLCXiJ0vlZIN6vo:9PEbsFF/P4/YWG0vlZIN6Q

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  a56b7d59520f0821257d21ee8215f62a_JaffaCakes118
- Size
  
  823KB
- MD5
  
  a56b7d59520f0821257d21ee8215f62a
- SHA1
  
  ca68fa31d88e32d4171cb381553844320b037d77
- SHA256
  
  621271ab14ecddcf2e2661f5ab4e1bea00ea25533d081f9a640980436e57958d
- SHA512
  
  1a1507031df51ebfec8719b81470b6de7b8baaf04fbde3f224a75cca6fde2193b47c082d4290e56365ae4947f19f54ec98817e7ddf7fae154834616a52e18d46
- SSDEEP
  
  24576:9PEbsQUQ1yfX9NF2OACZAYLCXiJ0vlZIN6vo:9PEbsFF/P4/YWG0vlZIN6Q
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

evasionpersistencetrojan