7b5db8852759ac8e98cf480f7fdf8dffb92c4b30efb54dae6c607924ccba786a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4327cff89513fb3e66b608cb9ee41b5d_JaffaCakes118
Size

1.7MB
Sample

240713-yt6dtsvgjr
MD5

4327cff89513fb3e66b608cb9ee41b5d
SHA1

04b815fa1fd7369788ad4422648499f090390794
SHA256

7b5db8852759ac8e98cf480f7fdf8dffb92c4b30efb54dae6c607924ccba786a
SHA512

c8d3fec3ef0d4923721953eeb3255d800b272619f7668e371aabe313f44e89b207d3b53d0b7463ed2818678a05be5b89bf8596380f0d59d38f3ec193caa7f382
SSDEEP

49152:6PgPFd+WQyBBBBBBBBBBBBBBBBBBBBBBBBJBBBBBBBBBBBBBBBBBBBBBBBBBBBBc:64TQyBBBBBBBBBBBBBBBBBBBBBBBBJB7

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  4327cff89513fb3e66b608cb9ee41b5d_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  4327cff89513fb3e66b608cb9ee41b5d
- SHA1
  
  04b815fa1fd7369788ad4422648499f090390794
- SHA256
  
  7b5db8852759ac8e98cf480f7fdf8dffb92c4b30efb54dae6c607924ccba786a
- SHA512
  
  c8d3fec3ef0d4923721953eeb3255d800b272619f7668e371aabe313f44e89b207d3b53d0b7463ed2818678a05be5b89bf8596380f0d59d38f3ec193caa7f382
- SSDEEP
  
  49152:6PgPFd+WQyBBBBBBBBBBBBBBBBBBBBBBBBJBBBBBBBBBBBBBBBBBBBBBBBBBBBBc:64TQyBBBBBBBBBBBBBBBBBBBBBBBBJB7
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence