b2526747c2a7812ccdc1ca2de94b6c122420b017e95a066cf9fef3d3d33c9258 | Triage

Sharing

General

Target

3cccba71afd3003ae713d5cedb3be268_JaffaCakes118
Size

342KB
Sample

240712-laxw5azblc
MD5

3cccba71afd3003ae713d5cedb3be268
SHA1

d15199435fb2495a8d69e1e7c0468d627cb5ebb1
SHA256

b2526747c2a7812ccdc1ca2de94b6c122420b017e95a066cf9fef3d3d33c9258
SHA512

a12fd78d04f179f9fc49b83b90b125451aa9c1a67ad76430c09cdaa71e0e9c2443b24d23042952f46332d6cd25bd6b28c44301ca103d4af4d9f837dc521b4f2a
SSDEEP

6144:TStb2S9Beu7vLKU5m0+iiZHJoa5qT0Ag6oFFRBGnGCRxX6GWxwon:T9yBe2Y0+iiZpJNANCFRBGGcl6G4n

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  3cccba71afd3003ae713d5cedb3be268_JaffaCakes118
- Size
  
  342KB
- MD5
  
  3cccba71afd3003ae713d5cedb3be268
- SHA1
  
  d15199435fb2495a8d69e1e7c0468d627cb5ebb1
- SHA256
  
  b2526747c2a7812ccdc1ca2de94b6c122420b017e95a066cf9fef3d3d33c9258
- SHA512
  
  a12fd78d04f179f9fc49b83b90b125451aa9c1a67ad76430c09cdaa71e0e9c2443b24d23042952f46332d6cd25bd6b28c44301ca103d4af4d9f837dc521b4f2a
- SSDEEP
  
  6144:TStb2S9Beu7vLKU5m0+iiZHJoa5qT0Ag6oFFRBGnGCRxX6GWxwon:T9yBe2Y0+iiZpJNANCFRBGGcl6G4n
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2