fefd063e8ec50a51e9ab75e3802f054303a7dd5d4c8bbcd8c62acb754c6e0349 | Triage

Sharing

General

Target

26f80b34f596d2a271fcc502aac2f634_JaffaCakes118
Size

162KB
Sample

240705-rqh1sssdnd
MD5

26f80b34f596d2a271fcc502aac2f634
SHA1

b29c74384102019088c1e9c8557c28455323ab5f
SHA256

fefd063e8ec50a51e9ab75e3802f054303a7dd5d4c8bbcd8c62acb754c6e0349
SHA512

d47d469c74d84be39cb836fd1b85fe04f2d30307c2e5c1988f7952b912f4577e32e71ad1c4bff85e75bb56ff77852164e5ac1758d1260d359e091e98f225fc9c
SSDEEP

3072:DQIURTXJ+MbBFRo7iy4kp2Q2GTWTwzgevQSQpn1iamhYFTi37v:Ds9bBFRo7iy4/QcTwdvQBpUaRW37v

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  26f80b34f596d2a271fcc502aac2f634_JaffaCakes118
- Size
  
  162KB
- MD5
  
  26f80b34f596d2a271fcc502aac2f634
- SHA1
  
  b29c74384102019088c1e9c8557c28455323ab5f
- SHA256
  
  fefd063e8ec50a51e9ab75e3802f054303a7dd5d4c8bbcd8c62acb754c6e0349
- SHA512
  
  d47d469c74d84be39cb836fd1b85fe04f2d30307c2e5c1988f7952b912f4577e32e71ad1c4bff85e75bb56ff77852164e5ac1758d1260d359e091e98f225fc9c
- SSDEEP
  
  3072:DQIURTXJ+MbBFRo7iy4kp2Q2GTWTwzgevQSQpn1iamhYFTi37v:Ds9bBFRo7iy4/QcTwdvQBpUaRW37v
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  $TEMP/qqczyqmp.dll
- Size
  
  389KB
- MD5
  
  d8501587386400aba2c801a4f3e127c2
- SHA1
  
  3cef1819fb9a52a298173009e018c2ba7f1ee41e
- SHA256
  
  25a74f75360856d9e9f432ca8fa52897a98f44cad23aca950a7615ca119b82f2
- SHA512
  
  474bea8585b0a183cc67874726fb55447d0efd2b1fb079f5e7942259516e64912d7f6fe725659503d420eb7320d13a1752aa5451ca720d46ef02518253287c01
- SSDEEP
  
  3072:1SDdLRf06+2TwskxrZdlCQehrX/kePXDhDjCigRpXf7E0lc:16LRfrzvK38Qex/hzVCigRpXzE0lc
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4