9a27efa3ebcb6f73d642f95f4a0f59e9749f38e843db3f2fc4a628660d4d297e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a5eba6a7c2927b8a49ece7fe32eba66_JaffaCakes118
Size

360KB
Sample

240708-azeajawepg
MD5

2a5eba6a7c2927b8a49ece7fe32eba66
SHA1

e13b90876a6dd2e8bc611ab95c81e3c571f72bbb
SHA256

9a27efa3ebcb6f73d642f95f4a0f59e9749f38e843db3f2fc4a628660d4d297e
SHA512

fe6d635bb0d597b24fa497359727e3bcea1c775a8aab37d1e14f10e4de1cc6ea6ac4a357cc89a8bede8df89d9f2d37d214c587c1f875501012dcd47a2fd6a363
SSDEEP

6144:eZQVxrEAQUZkid2cYE9836m+Lb7VMaXThaFdho8LPvPfKodXAO5ixqG:xfH6idT8KmWCwd8h1r+U

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  2a5eba6a7c2927b8a49ece7fe32eba66_JaffaCakes118
- Size
  
  360KB
- MD5
  
  2a5eba6a7c2927b8a49ece7fe32eba66
- SHA1
  
  e13b90876a6dd2e8bc611ab95c81e3c571f72bbb
- SHA256
  
  9a27efa3ebcb6f73d642f95f4a0f59e9749f38e843db3f2fc4a628660d4d297e
- SHA512
  
  fe6d635bb0d597b24fa497359727e3bcea1c775a8aab37d1e14f10e4de1cc6ea6ac4a357cc89a8bede8df89d9f2d37d214c587c1f875501012dcd47a2fd6a363
- SSDEEP
  
  6144:eZQVxrEAQUZkid2cYE9836m+Lb7VMaXThaFdho8LPvPfKodXAO5ixqG:xfH6idT8KmWCwd8h1r+U
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2