b67018512894d3b3422f0f856756229ace8e18044e0db51a4141b078bc96cb1d | Triage

Sharing

General

Target

0dd79e364364aa64381242942fecbda3_JaffaCakes118
Size

398KB
Sample

240625-m89h9aygrn
MD5

0dd79e364364aa64381242942fecbda3
SHA1

32ea31863c0966ef09f8ae460306e5cf6c34db7c
SHA256

b67018512894d3b3422f0f856756229ace8e18044e0db51a4141b078bc96cb1d
SHA512

71c0c70816e38001bea26e3dabb881bf6ff22ce4e87a2150247d40bfb0c5d950c30e348a9411e3acacd6797a33d0973d2c6320e1473cbd28eb9661bdd4875ae7
SSDEEP

6144:CPPrO426Ep+NQFj8YdCioiqBb1lo/GWyJusttUnVzfCN/WQ3EEs8Pl9Bnsz+d4:0r5FSfdZTUREGFpt0fw/WQ3EEs83mzw4

Score

8^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  0dd79e364364aa64381242942fecbda3_JaffaCakes118
- Size
  
  398KB
- MD5
  
  0dd79e364364aa64381242942fecbda3
- SHA1
  
  32ea31863c0966ef09f8ae460306e5cf6c34db7c
- SHA256
  
  b67018512894d3b3422f0f856756229ace8e18044e0db51a4141b078bc96cb1d
- SHA512
  
  71c0c70816e38001bea26e3dabb881bf6ff22ce4e87a2150247d40bfb0c5d950c30e348a9411e3acacd6797a33d0973d2c6320e1473cbd28eb9661bdd4875ae7
- SSDEEP
  
  6144:CPPrO426Ep+NQFj8YdCioiqBb1lo/GWyJusttUnVzfCN/WQ3EEs8Pl9Bnsz+d4:0r5FSfdZTUREGFpt0fw/WQ3EEs83mzw4
Score

8^/10

evasion persistence trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan