239be9658963b66d5b63a0349be90a67aca572c69107bfd208fcf613b04262b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b22f72c759897006ba78838bae8e7f9_JaffaCakes118
Size

145KB
Sample

240701-npjn6ayhmd
MD5

1b22f72c759897006ba78838bae8e7f9
SHA1

02ef827d2fe04dcca2b05494ca14eb7bbba794ca
SHA256

239be9658963b66d5b63a0349be90a67aca572c69107bfd208fcf613b04262b6
SHA512

f7e2cbbf794d4b168b22519b81d9381b87c4dbb80676ac3e79b34413021a4611acb7bc3d6f2e21d4286f786c351f29a245815a4ba663bb42ebd635b5bd00aee9
SSDEEP

3072:6xaKFna8CUvhVtcDRoqwCgE6LsfaKBCBIGlm6axrP:4RXCUvhVqD/wM6LsCmQmHr

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  1b22f72c759897006ba78838bae8e7f9_JaffaCakes118
- Size
  
  145KB
- MD5
  
  1b22f72c759897006ba78838bae8e7f9
- SHA1
  
  02ef827d2fe04dcca2b05494ca14eb7bbba794ca
- SHA256
  
  239be9658963b66d5b63a0349be90a67aca572c69107bfd208fcf613b04262b6
- SHA512
  
  f7e2cbbf794d4b168b22519b81d9381b87c4dbb80676ac3e79b34413021a4611acb7bc3d6f2e21d4286f786c351f29a245815a4ba663bb42ebd635b5bd00aee9
- SSDEEP
  
  3072:6xaKFna8CUvhVtcDRoqwCgE6LsfaKBCBIGlm6axrP:4RXCUvhVqD/wM6LsCmQmHr
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2