caeccc412bc469c2c0b140b3c3f41fc23c5f4e56fe1dc0628215a18853d24f40 | Triage

Sharing

General

Target

14f4273a4958c1277ac3059fabde33d8_JaffaCakes118
Size

416KB
Sample

240627-gyxttawcnb
MD5

14f4273a4958c1277ac3059fabde33d8
SHA1

e3ecf90b209c66c72d95f6bc81c1de6137f240ec
SHA256

caeccc412bc469c2c0b140b3c3f41fc23c5f4e56fe1dc0628215a18853d24f40
SHA512

218ff7f2bcfadbcb06a1346f75ddc61f5f1c762ca1ddc6693335dd57bc87d8302310fe7d51caa283c091f27f99d54a24e8d5bf2475d201fc78b0d4e73535bb1e
SSDEEP

6144:CEIZDAEE+Y5sesv1oD8TSiBbInCJViWjLhO1yI5NqhJYwW+TIVO5d6zVgS3VC0qZ:CTD5YKesvdBbCCJViWjOV5Ny0h3VJW3

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  14f4273a4958c1277ac3059fabde33d8_JaffaCakes118
- Size
  
  416KB
- MD5
  
  14f4273a4958c1277ac3059fabde33d8
- SHA1
  
  e3ecf90b209c66c72d95f6bc81c1de6137f240ec
- SHA256
  
  caeccc412bc469c2c0b140b3c3f41fc23c5f4e56fe1dc0628215a18853d24f40
- SHA512
  
  218ff7f2bcfadbcb06a1346f75ddc61f5f1c762ca1ddc6693335dd57bc87d8302310fe7d51caa283c091f27f99d54a24e8d5bf2475d201fc78b0d4e73535bb1e
- SSDEEP
  
  6144:CEIZDAEE+Y5sesv1oD8TSiBbInCJViWjLhO1yI5NqhJYwW+TIVO5d6zVgS3VC0qZ:CTD5YKesvdBbCCJViWjOV5Ny0h3VJW3
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2