f06590549e4d091634f1810d3b05f8d1c35b9f98849e14afb2e171813f4329f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

449b817baf76d633d23fab6f4f2a730e_JaffaCakes118
Size

284KB
Sample

240714-grp6ds1gkh
MD5

449b817baf76d633d23fab6f4f2a730e
SHA1

c9b7906a49456f4cb40ac930388d4a458aad381b
SHA256

f06590549e4d091634f1810d3b05f8d1c35b9f98849e14afb2e171813f4329f1
SHA512

73057200f1df141dc0c1b156eb8833cc6518b6b8b65b0db69dab8fc4ec1d6debf104f61a9b6f77a2decb9f93a5be014a772949d9f5006d5d3cd5e7d58fb5a615
SSDEEP

6144:qNq6AL17HPwmDDANk9eAMez58Tu4+4lAGBI9gGSwDpc6j:qM6AL17HB19xHLBj

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  449b817baf76d633d23fab6f4f2a730e_JaffaCakes118
- Size
  
  284KB
- MD5
  
  449b817baf76d633d23fab6f4f2a730e
- SHA1
  
  c9b7906a49456f4cb40ac930388d4a458aad381b
- SHA256
  
  f06590549e4d091634f1810d3b05f8d1c35b9f98849e14afb2e171813f4329f1
- SHA512
  
  73057200f1df141dc0c1b156eb8833cc6518b6b8b65b0db69dab8fc4ec1d6debf104f61a9b6f77a2decb9f93a5be014a772949d9f5006d5d3cd5e7d58fb5a615
- SSDEEP
  
  6144:qNq6AL17HPwmDDANk9eAMez58Tu4+4lAGBI9gGSwDpc6j:qM6AL17HB19xHLBj
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2