610b5083da3ae6a3f976d1e2de4a253acd49d72869846b9064f886f6dda03472 | Triage

Sharing

General

Target

06776dbcb6b68bbf40ce3920d3454e0a_JaffaCakes118
Size

1.4MB
Sample

240620-qvf7bsvaql
MD5

06776dbcb6b68bbf40ce3920d3454e0a
SHA1

197aeb8c52938b73a328e4509310b01ad13b8515
SHA256

610b5083da3ae6a3f976d1e2de4a253acd49d72869846b9064f886f6dda03472
SHA512

79b651f185ebe13f73cefdc253a34fb58cb60513318375aa67920e19f435cc39f3108368ca3b17a06005e400b33d5ec8825cd11cc47bf8e828b771871ae03f81
SSDEEP

24576:Jag10mh+RRh57yHv9qUpY7ruoAxalzCxyUbBtg2F//cEqxAy4zQdP0FEiw6lPiZ:JjGmo3c9q2xW7Ud/+5LFmgZ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  06776dbcb6b68bbf40ce3920d3454e0a_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  06776dbcb6b68bbf40ce3920d3454e0a
- SHA1
  
  197aeb8c52938b73a328e4509310b01ad13b8515
- SHA256
  
  610b5083da3ae6a3f976d1e2de4a253acd49d72869846b9064f886f6dda03472
- SHA512
  
  79b651f185ebe13f73cefdc253a34fb58cb60513318375aa67920e19f435cc39f3108368ca3b17a06005e400b33d5ec8825cd11cc47bf8e828b771871ae03f81
- SSDEEP
  
  24576:Jag10mh+RRh57yHv9qUpY7ruoAxalzCxyUbBtg2F//cEqxAy4zQdP0FEiw6lPiZ:JjGmo3c9q2xW7Ud/+5LFmgZ
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2