d1a9e332360d7d44e2a5403cfab0746d988c94d490dc1c48bbbbd1202b65fe1a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e053b7cbc4bb4086521bf8c24c28dfa_JaffaCakes118
Size

52KB
Sample

240625-pcnm1syfjh
MD5

0e053b7cbc4bb4086521bf8c24c28dfa
SHA1

7dd4bc7af4db6badf1ee1decddb5a64feb0e5211
SHA256

d1a9e332360d7d44e2a5403cfab0746d988c94d490dc1c48bbbbd1202b65fe1a
SHA512

54d65ed8fb4b8c492f97f52e630d1bbe2eb6969c4234581761459bc5f43d55ea358c35e7819610a0e8ddc1ca48668fad396af6aa0cef1607dcd48570a02363ed
SSDEEP

384:ja/s+0A7PNbxtOl96QYc+Lgo1dF14MPXwxqArhLTR9E5eT0pqfAKiqICPyhhKS4g:u/LFRxgW/51dFbPmrOjqI2SDNj3V7

Score

10^/10

evasion persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
1251458gdg

Targets

- Target
  
  0e053b7cbc4bb4086521bf8c24c28dfa_JaffaCakes118
- Size
  
  52KB
- MD5
  
  0e053b7cbc4bb4086521bf8c24c28dfa
- SHA1
  
  7dd4bc7af4db6badf1ee1decddb5a64feb0e5211
- SHA256
  
  d1a9e332360d7d44e2a5403cfab0746d988c94d490dc1c48bbbbd1202b65fe1a
- SHA512
  
  54d65ed8fb4b8c492f97f52e630d1bbe2eb6969c4234581761459bc5f43d55ea358c35e7819610a0e8ddc1ca48668fad396af6aa0cef1607dcd48570a02363ed
- SSDEEP
  
  384:ja/s+0A7PNbxtOl96QYc+Lgo1dF14MPXwxqArhLTR9E5eT0pqfAKiqICPyhhKS4g:u/LFRxgW/51dFbPmrOjqI2SDNj3V7
Score

10^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence