5d05135b012e45809db6aac2495201c32f94e59bab6a66307e898c5dc9e9e2d1 | Triage

Sharing

General

Target

2a9c2055eb3ae1f0c97059f30bef9a75_JaffaCakes118
Size

920KB
Sample

240708-ch61bszcje
MD5

2a9c2055eb3ae1f0c97059f30bef9a75
SHA1

a0e8f260716e6fd0c5f60532fe1a7e9d244b22b8
SHA256

5d05135b012e45809db6aac2495201c32f94e59bab6a66307e898c5dc9e9e2d1
SHA512

816f22601219c9af41cfbbdedf8192e5b86a956fba1b653a6a7880cf96e48f4e2d470b4751bd10fce17d1d1a183ada8a4afa03cf3349409246b3e8eaa6fb5574
SSDEEP

12288:5iu7xXNAZGLh1fd0MNWc7j3SRX1Xr41+HczP/e7gV/ngTCzc2W7zCf5tenIXkS/m:MutXdLCatt/e8SPrG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2a9c2055eb3ae1f0c97059f30bef9a75_JaffaCakes118
- Size
  
  920KB
- MD5
  
  2a9c2055eb3ae1f0c97059f30bef9a75
- SHA1
  
  a0e8f260716e6fd0c5f60532fe1a7e9d244b22b8
- SHA256
  
  5d05135b012e45809db6aac2495201c32f94e59bab6a66307e898c5dc9e9e2d1
- SHA512
  
  816f22601219c9af41cfbbdedf8192e5b86a956fba1b653a6a7880cf96e48f4e2d470b4751bd10fce17d1d1a183ada8a4afa03cf3349409246b3e8eaa6fb5574
- SSDEEP
  
  12288:5iu7xXNAZGLh1fd0MNWc7j3SRX1Xr41+HczP/e7gV/ngTCzc2W7zCf5tenIXkS/m:MutXdLCatt/e8SPrG
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence