a5301062cb795f60b9eb8613e2eb6cb2d15e2e69d8d99f9b4ee45fc15dd8b33c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bad912274682324023e1d9b39d2faae_JaffaCakes118
Size

136KB
Sample

240708-kjqczatble
MD5

2bad912274682324023e1d9b39d2faae
SHA1

94111fae6f955ca1e12fa5a37ca3542b92123d8e
SHA256

a5301062cb795f60b9eb8613e2eb6cb2d15e2e69d8d99f9b4ee45fc15dd8b33c
SHA512

24e0baf9f94d231890606c856d5f4df9ad8eb225a1a8e36de78431384b55c21e8bd054f3d74cfad7721b4b682ce7a3493d22afe2a503158a0aa4c5c3e15b8bfe
SSDEEP

3072:IjItR3wxrO6qPTgkgoRy/czNyC3LMpqv308bPbyDiYc:BT3VUkgoIc5yCgIl2i

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2bad912274682324023e1d9b39d2faae_JaffaCakes118
- Size
  
  136KB
- MD5
  
  2bad912274682324023e1d9b39d2faae
- SHA1
  
  94111fae6f955ca1e12fa5a37ca3542b92123d8e
- SHA256
  
  a5301062cb795f60b9eb8613e2eb6cb2d15e2e69d8d99f9b4ee45fc15dd8b33c
- SHA512
  
  24e0baf9f94d231890606c856d5f4df9ad8eb225a1a8e36de78431384b55c21e8bd054f3d74cfad7721b4b682ce7a3493d22afe2a503158a0aa4c5c3e15b8bfe
- SSDEEP
  
  3072:IjItR3wxrO6qPTgkgoRy/czNyC3LMpqv308bPbyDiYc:BT3VUkgoIc5yCgIl2i
Score

7^/10

persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2