438eb470413519af420b68bb1017ea989d4509d29a75c617dfd9cf8fcf0e17b7 | Triage

Sharing

General

Target

49c3b95bedd3d6cec4342c330c49e05c_JaffaCakes118
Size

393KB
Sample

240715-pkjn2atbrb
MD5

49c3b95bedd3d6cec4342c330c49e05c
SHA1

254f52e1e1ad0a9d28c8f03ccb3885a84576f9be
SHA256

438eb470413519af420b68bb1017ea989d4509d29a75c617dfd9cf8fcf0e17b7
SHA512

d914ab5260f7f0f2a12449dd1da00d3de0315233bcae53d115a10f179563724e4835d3cf801929e362b18fdd234391d20750548741547c2e8959047d4feb8c7a
SSDEEP

12288:kV3KpJI6xj1dV9fJcEXW4OYIb5IiENCaoV8P:OCb1dV9fJhXWGHNco

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  49c3b95bedd3d6cec4342c330c49e05c_JaffaCakes118
- Size
  
  393KB
- MD5
  
  49c3b95bedd3d6cec4342c330c49e05c
- SHA1
  
  254f52e1e1ad0a9d28c8f03ccb3885a84576f9be
- SHA256
  
  438eb470413519af420b68bb1017ea989d4509d29a75c617dfd9cf8fcf0e17b7
- SHA512
  
  d914ab5260f7f0f2a12449dd1da00d3de0315233bcae53d115a10f179563724e4835d3cf801929e362b18fdd234391d20750548741547c2e8959047d4feb8c7a
- SSDEEP
  
  12288:kV3KpJI6xj1dV9fJcEXW4OYIb5IiENCaoV8P:OCb1dV9fJhXWGHNco
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2