1f175b3586d3070e0a44e8f77ed5b174e861c2c16e26080890bd10a6108d0331 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15ff030665f64cbcbe798f48e67d5d21_JaffaCakes118
Size

276KB
Sample

240627-plergatdkn
MD5

15ff030665f64cbcbe798f48e67d5d21
SHA1

457f04272dafe5363bc238431714698d4fd81fcc
SHA256

1f175b3586d3070e0a44e8f77ed5b174e861c2c16e26080890bd10a6108d0331
SHA512

b67714a4d75f5a6f610d8f44e66c5622e8813ba85ff21122a14cadb25c180ab233633ddc61dac6844cefedc4ec888e9af9e0c5f56697bcafd5fac809cadc28fe
SSDEEP

6144:yjPeij7TXad5lmIM3PkuWCPXmydunYce7FnKf/h1q3ez1I0PR/GTHh:yK+fmlmh3RMHe7FU/uuRVe9

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  15ff030665f64cbcbe798f48e67d5d21_JaffaCakes118
- Size
  
  276KB
- MD5
  
  15ff030665f64cbcbe798f48e67d5d21
- SHA1
  
  457f04272dafe5363bc238431714698d4fd81fcc
- SHA256
  
  1f175b3586d3070e0a44e8f77ed5b174e861c2c16e26080890bd10a6108d0331
- SHA512
  
  b67714a4d75f5a6f610d8f44e66c5622e8813ba85ff21122a14cadb25c180ab233633ddc61dac6844cefedc4ec888e9af9e0c5f56697bcafd5fac809cadc28fe
- SSDEEP
  
  6144:yjPeij7TXad5lmIM3PkuWCPXmydunYce7FnKf/h1q3ez1I0PR/GTHh:yK+fmlmh3RMHe7FU/uuRVe9
Score

8^/10

evasion persistence
- Looks for VMWare Tools registry key
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence