dba252908f9501e7463462927d6b37c8e5a41bde95fdfaed194eb6216c341033 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d8b22d665509a708f1edcc407e02f51_JaffaCakes118
Size

113KB
Sample

240712-qll18axdqa
MD5

3d8b22d665509a708f1edcc407e02f51
SHA1

9a97b4c8b071cb8e0d6b56f591cbc5ccf9509a35
SHA256

dba252908f9501e7463462927d6b37c8e5a41bde95fdfaed194eb6216c341033
SHA512

6330f4fb5ad08acc51a75d2499e05297d78a1e9f63ab9bac517168d0b1e238623e2c1b61488a89c6c04deb1f662698c539f32fbbf2fa4c2a3297016210932d91
SSDEEP

3072:aCP3sW1jnjmroyBzmxOnBRZNxo7aX/3n:aCPcsjjmroy17186/X

Score

6^/10

Malware Config

Targets

- Target
  
  3d8b22d665509a708f1edcc407e02f51_JaffaCakes118
- Size
  
  113KB
- MD5
  
  3d8b22d665509a708f1edcc407e02f51
- SHA1
  
  9a97b4c8b071cb8e0d6b56f591cbc5ccf9509a35
- SHA256
  
  dba252908f9501e7463462927d6b37c8e5a41bde95fdfaed194eb6216c341033
- SHA512
  
  6330f4fb5ad08acc51a75d2499e05297d78a1e9f63ab9bac517168d0b1e238623e2c1b61488a89c6c04deb1f662698c539f32fbbf2fa4c2a3297016210932d91
- SSDEEP
  
  3072:aCP3sW1jnjmroyBzmxOnBRZNxo7aX/3n:aCPcsjjmroy17186/X
Score

6^/10
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2