2bd14d90fb7451d5ca04f68e328023646b3299cdc95f5c258d6a16eb548a9c7b | Triage

Sharing

General

Target

153ee30d940bd599d79e6f7faaf1f7dd_JaffaCakes118
Size

1.4MB
Sample

240627-jwbjxaserm
MD5

153ee30d940bd599d79e6f7faaf1f7dd
SHA1

0dc697cf40c1feb2958b40d918ed83cccc683d6d
SHA256

2bd14d90fb7451d5ca04f68e328023646b3299cdc95f5c258d6a16eb548a9c7b
SHA512

24acf93216645b942a32e147efb8271130477222b1c05a2ea13fc42317e8cf7e43500f911d10913ebceaef29bd809542466a63d6ce8cbd9dc2dd10649635dc5a
SSDEEP

24576:bag10mh+RRh57yHv9qAkHlMp0ZUjEzBGyujUbccHnppB7Kuj6NmVDsnH:bjGmo3c9qZe0Cj2oyFKtH

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  153ee30d940bd599d79e6f7faaf1f7dd_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  153ee30d940bd599d79e6f7faaf1f7dd
- SHA1
  
  0dc697cf40c1feb2958b40d918ed83cccc683d6d
- SHA256
  
  2bd14d90fb7451d5ca04f68e328023646b3299cdc95f5c258d6a16eb548a9c7b
- SHA512
  
  24acf93216645b942a32e147efb8271130477222b1c05a2ea13fc42317e8cf7e43500f911d10913ebceaef29bd809542466a63d6ce8cbd9dc2dd10649635dc5a
- SSDEEP
  
  24576:bag10mh+RRh57yHv9qAkHlMp0ZUjEzBGyujUbccHnppB7Kuj6NmVDsnH:bjGmo3c9qZe0Cj2oyFKtH
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2