ceb79ed070f2ba893fab53f82031786f0ffd8430f04372041e37d758c50f0046 | Triage

Sharing

General

Target

0185b27b82e021acdced536831b65b94_JaffaCakes118
Size

4KB
Sample

240620-a6r5zazbqh
MD5

0185b27b82e021acdced536831b65b94
SHA1

ec26ca88b03f4ec5a7748e9790cbf2f358fd956e
SHA256

ceb79ed070f2ba893fab53f82031786f0ffd8430f04372041e37d758c50f0046
SHA512

410726ecf3d8e7bad0270884b56138749f6f615a25a5cdaf885364f955de4016b66eafc8401c985f8ddbdbbc8f5b19471488d8d8b921a559bcd994598d791575

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  0185b27b82e021acdced536831b65b94_JaffaCakes118
- Size
  
  4KB
- MD5
  
  0185b27b82e021acdced536831b65b94
- SHA1
  
  ec26ca88b03f4ec5a7748e9790cbf2f358fd956e
- SHA256
  
  ceb79ed070f2ba893fab53f82031786f0ffd8430f04372041e37d758c50f0046
- SHA512
  
  410726ecf3d8e7bad0270884b56138749f6f615a25a5cdaf885364f955de4016b66eafc8401c985f8ddbdbbc8f5b19471488d8d8b921a559bcd994598d791575
Score

8^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2