54358318cfa3547af2dcb34770178473e7a80b239684a30f900aab5d358da078 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b31a71a4a3ad2ddd793f34859b29145_JaffaCakes118
Size

393KB
Sample

240711-3rq9casbnc
MD5

3b31a71a4a3ad2ddd793f34859b29145
SHA1

cd7fc16b26bfcfcc5e335bf028d900da48f2562f
SHA256

54358318cfa3547af2dcb34770178473e7a80b239684a30f900aab5d358da078
SHA512

5e6894adb0b828b0fc9e0d7aadb74d6dd0a5a3d58eba5e1d8a29c647748100d95cc2fc568629c89fc9b23e0ded5a3d5c61f8aa1bb0897fa2fc5085e2a55ea10a
SSDEEP

12288:eV3KpJI6xj1dV9fJcEXW4OYIb5IiENCaoV8P:4Cb1dV9fJhXWGHNco

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  3b31a71a4a3ad2ddd793f34859b29145_JaffaCakes118
- Size
  
  393KB
- MD5
  
  3b31a71a4a3ad2ddd793f34859b29145
- SHA1
  
  cd7fc16b26bfcfcc5e335bf028d900da48f2562f
- SHA256
  
  54358318cfa3547af2dcb34770178473e7a80b239684a30f900aab5d358da078
- SHA512
  
  5e6894adb0b828b0fc9e0d7aadb74d6dd0a5a3d58eba5e1d8a29c647748100d95cc2fc568629c89fc9b23e0ded5a3d5c61f8aa1bb0897fa2fc5085e2a55ea10a
- SSDEEP
  
  12288:eV3KpJI6xj1dV9fJcEXW4OYIb5IiENCaoV8P:4Cb1dV9fJhXWGHNco
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2