e9d198d5fec2f84786c95d0f108d31abd641cdbd0812982c12cb0b145b4ba1a2 | Triage

Sharing

General

Target

0c7f488c541161d0a0c907d664c44c41_JaffaCakes118
Size

400KB
Sample

240625-exr6tstcqn
MD5

0c7f488c541161d0a0c907d664c44c41
SHA1

a5619479bb1da75bd8eaeb641fbc1981f9202952
SHA256

e9d198d5fec2f84786c95d0f108d31abd641cdbd0812982c12cb0b145b4ba1a2
SHA512

60b77343593a140ebdfd10e1a7a8180d2e344c0e7ffbc4dcf68f00b4e3f5371e7a09d4144efe6fed9678fcf76fc944d82d61d19df530467ada067339a85b5c08
SSDEEP

6144:dgrjuvSjs7jWG89nXQHH8ZvvnxKGebHk8bSZq5ytf1d1NkwIaGW2UEFdHyxsu:d9qSG8KvkGebHkkSZq5mf5NxIaG9dHb

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  0c7f488c541161d0a0c907d664c44c41_JaffaCakes118
- Size
  
  400KB
- MD5
  
  0c7f488c541161d0a0c907d664c44c41
- SHA1
  
  a5619479bb1da75bd8eaeb641fbc1981f9202952
- SHA256
  
  e9d198d5fec2f84786c95d0f108d31abd641cdbd0812982c12cb0b145b4ba1a2
- SHA512
  
  60b77343593a140ebdfd10e1a7a8180d2e344c0e7ffbc4dcf68f00b4e3f5371e7a09d4144efe6fed9678fcf76fc944d82d61d19df530467ada067339a85b5c08
- SSDEEP
  
  6144:dgrjuvSjs7jWG89nXQHH8ZvvnxKGebHk8bSZq5ytf1d1NkwIaGW2UEFdHyxsu:d9qSG8KvkGebHkkSZq5mf5NxIaG9dHb
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2