11aff20113514156457b6e4df44420be50871ab8682205f8a999ae034fc33a08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15463ef1d129742826dc33616e526257_JaffaCakes118
Size

360KB
Sample

240627-j2zhxsshmm
MD5

15463ef1d129742826dc33616e526257
SHA1

dd0a52cd6e14b4386b7189f1030f2e2bf7d9e9dd
SHA256

11aff20113514156457b6e4df44420be50871ab8682205f8a999ae034fc33a08
SHA512

9c24ad139c8f697160d42c65bf62ff7baf79cd17b6e4da627fbb8a6a60307dc9c955d706a68657d79e4142039147f14407d66944a36e94a1c5c9f3d2f90013a4
SSDEEP

6144:CjQ2cYW6OE8vZou8QXFdWHR/MMxJZG/va+:CjQf6X8vZou8mO2va+

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  15463ef1d129742826dc33616e526257_JaffaCakes118
- Size
  
  360KB
- MD5
  
  15463ef1d129742826dc33616e526257
- SHA1
  
  dd0a52cd6e14b4386b7189f1030f2e2bf7d9e9dd
- SHA256
  
  11aff20113514156457b6e4df44420be50871ab8682205f8a999ae034fc33a08
- SHA512
  
  9c24ad139c8f697160d42c65bf62ff7baf79cd17b6e4da627fbb8a6a60307dc9c955d706a68657d79e4142039147f14407d66944a36e94a1c5c9f3d2f90013a4
- SSDEEP
  
  6144:CjQ2cYW6OE8vZou8QXFdWHR/MMxJZG/va+:CjQf6X8vZou8mO2va+
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2