3266083acac8c9d3ed24b4943fef1b5d3b1b61d66f7faecc52e31c317b75195c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

170dc9db45db0013d1bd0082964e0e3e_JaffaCakes118
Size

393KB
Sample

240627-w41j8atglg
MD5

170dc9db45db0013d1bd0082964e0e3e
SHA1

144c345a572344279ecd3ec625dc64bb4880f263
SHA256

3266083acac8c9d3ed24b4943fef1b5d3b1b61d66f7faecc52e31c317b75195c
SHA512

4c07c22212a832aab1017c6b4dc37c024a3b09a3598ac47c33515fec0ac60733b09e9e11e277407f4b2f47b39958c1cb23ee345576d79c2767cdbab61e567fba
SSDEEP

12288:hK3KpJI6xj1dV9fJcEXW4OYIb5IiENCaza4:hKCb1dV9fJhXWGHNja4

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  170dc9db45db0013d1bd0082964e0e3e_JaffaCakes118
- Size
  
  393KB
- MD5
  
  170dc9db45db0013d1bd0082964e0e3e
- SHA1
  
  144c345a572344279ecd3ec625dc64bb4880f263
- SHA256
  
  3266083acac8c9d3ed24b4943fef1b5d3b1b61d66f7faecc52e31c317b75195c
- SHA512
  
  4c07c22212a832aab1017c6b4dc37c024a3b09a3598ac47c33515fec0ac60733b09e9e11e277407f4b2f47b39958c1cb23ee345576d79c2767cdbab61e567fba
- SSDEEP
  
  12288:hK3KpJI6xj1dV9fJcEXW4OYIb5IiENCaza4:hKCb1dV9fJhXWGHNja4
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2