1fddded343a84baa9c7af7c7f13dde3089787fec9a7e3a931b34799193e1ccb8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38f602c11dae1d97e28acc31066caf33_JaffaCakes118
Size

448KB
Sample

240711-nslb6axcle
MD5

38f602c11dae1d97e28acc31066caf33
SHA1

6bd863223ebbb409092624103fb8d9aed8674573
SHA256

1fddded343a84baa9c7af7c7f13dde3089787fec9a7e3a931b34799193e1ccb8
SHA512

770e8cab690357e773ff86fcf77e70236efada48e345d971f0a1f87049cf5f6d261c029b9d9a400801d39dd6aaef81f74e42aed06b3dbdcdeb297dde5ec71b31
SSDEEP

12288:8nrOs1mbcqFU0qq8mmMuFiO5eqQy39Yiv:MrWnn3uFiO5r9Yi

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  38f602c11dae1d97e28acc31066caf33_JaffaCakes118
- Size
  
  448KB
- MD5
  
  38f602c11dae1d97e28acc31066caf33
- SHA1
  
  6bd863223ebbb409092624103fb8d9aed8674573
- SHA256
  
  1fddded343a84baa9c7af7c7f13dde3089787fec9a7e3a931b34799193e1ccb8
- SHA512
  
  770e8cab690357e773ff86fcf77e70236efada48e345d971f0a1f87049cf5f6d261c029b9d9a400801d39dd6aaef81f74e42aed06b3dbdcdeb297dde5ec71b31
- SSDEEP
  
  12288:8nrOs1mbcqFU0qq8mmMuFiO5eqQy39Yiv:MrWnn3uFiO5r9Yi
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2