b31647c9bfabfbb6169b74b5af8aa8f32ac2a6e24ea56b05e523f6bc57c3a3b2 | Triage

Sharing

General

Target

3ed05558d5a864a41461f027f1fec42b_JaffaCakes118
Size

393KB
Sample

240712-zhtrbs1hpd
MD5

3ed05558d5a864a41461f027f1fec42b
SHA1

eeb0e98468b17459abb5812254d391049a6e3745
SHA256

b31647c9bfabfbb6169b74b5af8aa8f32ac2a6e24ea56b05e523f6bc57c3a3b2
SHA512

3c025afdb6f5e554442a9bb1f6c7862c1a63d133772c2f68545a81fad9c5ac5962e22fac8dfb042ba79c894e256da217602bcbe3745c50c630c0f0de7fc59b30
SSDEEP

12288:czBAG3KpJI6xj1dV9fJcEXW4OYIb5IiENCaMZ1:cz2GCb1dV9fJhXWGHNa1

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  3ed05558d5a864a41461f027f1fec42b_JaffaCakes118
- Size
  
  393KB
- MD5
  
  3ed05558d5a864a41461f027f1fec42b
- SHA1
  
  eeb0e98468b17459abb5812254d391049a6e3745
- SHA256
  
  b31647c9bfabfbb6169b74b5af8aa8f32ac2a6e24ea56b05e523f6bc57c3a3b2
- SHA512
  
  3c025afdb6f5e554442a9bb1f6c7862c1a63d133772c2f68545a81fad9c5ac5962e22fac8dfb042ba79c894e256da217602bcbe3745c50c630c0f0de7fc59b30
- SSDEEP
  
  12288:czBAG3KpJI6xj1dV9fJcEXW4OYIb5IiENCaMZ1:cz2GCb1dV9fJhXWGHNa1
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2