16befa1ba51321ba8ea5eec80bcc2db22cfe7287bc6ad2bffe1850b601cca644 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c5929ae00e6ba9862bcbfb5b35118bf_JaffaCakes118
Size

432KB
Sample

240719-rwy9zawbpl
MD5

5c5929ae00e6ba9862bcbfb5b35118bf
SHA1

ee880e1e97edf10833dc320d06f11b89b9682e68
SHA256

16befa1ba51321ba8ea5eec80bcc2db22cfe7287bc6ad2bffe1850b601cca644
SHA512

37093dedb9f03c2a5e2a93eabb4e72836bd2609426874cd15ce7bcceb5e48e7ac69461849f614e074874788de8b6cbcb238f0cdfb584c34c908d0e4c03fd13ef
SSDEEP

6144:m+Rtmw1T/cj/z5HcXWYC2O4HHq4ZLiGFoO5N9OysX4MMkwzNcUKku:m+n5/G/z9tYY4q4ZNFoO/9qX4MMlzKk

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5c5929ae00e6ba9862bcbfb5b35118bf_JaffaCakes118
- Size
  
  432KB
- MD5
  
  5c5929ae00e6ba9862bcbfb5b35118bf
- SHA1
  
  ee880e1e97edf10833dc320d06f11b89b9682e68
- SHA256
  
  16befa1ba51321ba8ea5eec80bcc2db22cfe7287bc6ad2bffe1850b601cca644
- SHA512
  
  37093dedb9f03c2a5e2a93eabb4e72836bd2609426874cd15ce7bcceb5e48e7ac69461849f614e074874788de8b6cbcb238f0cdfb584c34c908d0e4c03fd13ef
- SSDEEP
  
  6144:m+Rtmw1T/cj/z5HcXWYC2O4HHq4ZLiGFoO5N9OysX4MMkwzNcUKku:m+n5/G/z9tYY4q4ZNFoO/9qX4MMlzKk
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2