156f940afb79f0ae3a13c766d9e5aa2e40870db2421f4b245f49135dc7b0f0af | Triage

Sharing

General

Target

3356aae4f5a2a83cb062e91f544fd3df_JaffaCakes118
Size

3.3MB
Sample

240710-fc1sxaxcpn
MD5

3356aae4f5a2a83cb062e91f544fd3df
SHA1

d3e7b148cc7231cf2b99dbb53c95998169b1f831
SHA256

156f940afb79f0ae3a13c766d9e5aa2e40870db2421f4b245f49135dc7b0f0af
SHA512

2d56ddfbdd3e14f0e29831173d122cc6d5094d098f3d4e91ca0c2af388da22a441abe92a25977f9f859dde5d8076a38fc7877b56866a6fa5875bd63681f8e0e8
SSDEEP

12288:xrNogwflQWMw28nPi1Ken9UWDoUWtoOBFeBnJ8z490JWcm0:xrNoPflokn2KzWDHWtvc+Jy0

Score

7^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  3356aae4f5a2a83cb062e91f544fd3df_JaffaCakes118
- Size
  
  3.3MB
- MD5
  
  3356aae4f5a2a83cb062e91f544fd3df
- SHA1
  
  d3e7b148cc7231cf2b99dbb53c95998169b1f831
- SHA256
  
  156f940afb79f0ae3a13c766d9e5aa2e40870db2421f4b245f49135dc7b0f0af
- SHA512
  
  2d56ddfbdd3e14f0e29831173d122cc6d5094d098f3d4e91ca0c2af388da22a441abe92a25977f9f859dde5d8076a38fc7877b56866a6fa5875bd63681f8e0e8
- SSDEEP
  
  12288:xrNogwflQWMw28nPi1Ken9UWDoUWtoOBFeBnJ8z490JWcm0:xrNoPflokn2KzWDHWtvc+Jy0
Score

7^/10

discovery evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan