4ac75a69d5474ae4e58c9d5fab1c09f9cf0d42b2235c13d152e8801f78929479 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18ba38c473239322efddf43081fab2d2_JaffaCakes118
Size

131KB
Sample

240628-eradtszhlg
MD5

18ba38c473239322efddf43081fab2d2
SHA1

bd4102884b415bd6d79606f856dd888ee7a1533a
SHA256

4ac75a69d5474ae4e58c9d5fab1c09f9cf0d42b2235c13d152e8801f78929479
SHA512

d79b6da6ac3f3f332b01ff77c1083b3571fe49f5477987c86a7f84ffbdbcef2e6a259b97ea6c3ed894b92d6935eac71caa9b6cf04a5582601fe9b8446f0657da
SSDEEP

1536:BL+O/U7OBmKGS6CBK0t/ZCXPGuxgDM5YKBGNc/xf6KWcs8+SUkIcekqY1o/uImzO:BLxUyjp3xCTyDMsUWyw+Ubx7N7

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  18ba38c473239322efddf43081fab2d2_JaffaCakes118
- Size
  
  131KB
- MD5
  
  18ba38c473239322efddf43081fab2d2
- SHA1
  
  bd4102884b415bd6d79606f856dd888ee7a1533a
- SHA256
  
  4ac75a69d5474ae4e58c9d5fab1c09f9cf0d42b2235c13d152e8801f78929479
- SHA512
  
  d79b6da6ac3f3f332b01ff77c1083b3571fe49f5477987c86a7f84ffbdbcef2e6a259b97ea6c3ed894b92d6935eac71caa9b6cf04a5582601fe9b8446f0657da
- SSDEEP
  
  1536:BL+O/U7OBmKGS6CBK0t/ZCXPGuxgDM5YKBGNc/xf6KWcs8+SUkIcekqY1o/uImzO:BLxUyjp3xCTyDMsUWyw+Ubx7N7
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2