57258c1c5315dd3b46a9cd8a22652b25d59cfea45f5cfad5df7fcbaf793d5497 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26f5326eb8f6c40de392bfaf8923767f_JaffaCakes118
Size

74KB
Sample

240705-q9gfmssbla
MD5

26f5326eb8f6c40de392bfaf8923767f
SHA1

97c43e4cb9eecb745029f681d13fadee3cd8c374
SHA256

57258c1c5315dd3b46a9cd8a22652b25d59cfea45f5cfad5df7fcbaf793d5497
SHA512

3be2b117ee43a0cade6986c7671d0da411a89f1f56428895f03cc99a2bf74fba8aa5beb2754c18825578435e6068736c519152e8c03e17fcdd39259eaf215486
SSDEEP

1536:3kCsqmH1MvhghRcod4lT/qabPSmeCvjBPoaT2KtOY3w:UDSucTxyazSpC7Ntu

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  26f5326eb8f6c40de392bfaf8923767f_JaffaCakes118
- Size
  
  74KB
- MD5
  
  26f5326eb8f6c40de392bfaf8923767f
- SHA1
  
  97c43e4cb9eecb745029f681d13fadee3cd8c374
- SHA256
  
  57258c1c5315dd3b46a9cd8a22652b25d59cfea45f5cfad5df7fcbaf793d5497
- SHA512
  
  3be2b117ee43a0cade6986c7671d0da411a89f1f56428895f03cc99a2bf74fba8aa5beb2754c18825578435e6068736c519152e8c03e17fcdd39259eaf215486
- SSDEEP
  
  1536:3kCsqmH1MvhghRcod4lT/qabPSmeCvjBPoaT2KtOY3w:UDSucTxyazSpC7Ntu
Score

8^/10

persistence
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2