20671db57550c9e3618b1f0f6dbacad88281a8f8dbc21786353d3cacb7d5a9b6 | Triage

Sharing

General

Target

a8f163ef904f98cc52a0e267f7ad9a3e_JaffaCakes118
Size

884KB
Sample

240614-lbn1lsyajp
MD5

a8f163ef904f98cc52a0e267f7ad9a3e
SHA1

228bb334de6ba2894f375b8cbdd24e547de88c8b
SHA256

20671db57550c9e3618b1f0f6dbacad88281a8f8dbc21786353d3cacb7d5a9b6
SHA512

1a96b6477f7ba5e77f33681d9e3f013ac39a7b4e39c2bf5b113df26713c9fe316569a02bf80588b27d6d1008d84a8bcdafe136aa9d20b4275d8c246dd5887cb1
SSDEEP

12288:qr7Ues7MzBTB+ssWJq6s08/7h7DH8fQ85zFTEQo7K5Qa2z3gdnBtwTDDSRwo:qr5sMz9BQiRsbCY7Kufqtw/DYwo

Score

7^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  a8f163ef904f98cc52a0e267f7ad9a3e_JaffaCakes118
- Size
  
  884KB
- MD5
  
  a8f163ef904f98cc52a0e267f7ad9a3e
- SHA1
  
  228bb334de6ba2894f375b8cbdd24e547de88c8b
- SHA256
  
  20671db57550c9e3618b1f0f6dbacad88281a8f8dbc21786353d3cacb7d5a9b6
- SHA512
  
  1a96b6477f7ba5e77f33681d9e3f013ac39a7b4e39c2bf5b113df26713c9fe316569a02bf80588b27d6d1008d84a8bcdafe136aa9d20b4275d8c246dd5887cb1
- SSDEEP
  
  12288:qr7Ues7MzBTB+ssWJq6s08/7h7DH8fQ85zFTEQo7K5Qa2z3gdnBtwTDDSRwo:qr5sMz9BQiRsbCY7Kufqtw/DYwo
Score

7^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2