59cc2373efcf296d30dca9ecc6b15bc5a84963ef3a43e824340ce9b1fac60d1c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c9ce08f6cc11b40da0ae70d21ddfaf9_JaffaCakes118
Size

321KB
Sample

240719-tbsb2ascle
MD5

5c9ce08f6cc11b40da0ae70d21ddfaf9
SHA1

134e2bfb56bc8d1003c541f0fbb6eb60cd6eac73
SHA256

59cc2373efcf296d30dca9ecc6b15bc5a84963ef3a43e824340ce9b1fac60d1c
SHA512

dca3caab70dc5ced7b3887539dd0f4891e90a94969f85e4899667c4c695e1dd0ee2706202cee55197a18e8042a108ef9697015d6c7242b3e30243f30f401f92b
SSDEEP

6144:FT+FQobd7pswMHScIOq1G/PTRnC2CkErfog:gFhbGycBqwTRC2gcg

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  5c9ce08f6cc11b40da0ae70d21ddfaf9_JaffaCakes118
- Size
  
  321KB
- MD5
  
  5c9ce08f6cc11b40da0ae70d21ddfaf9
- SHA1
  
  134e2bfb56bc8d1003c541f0fbb6eb60cd6eac73
- SHA256
  
  59cc2373efcf296d30dca9ecc6b15bc5a84963ef3a43e824340ce9b1fac60d1c
- SHA512
  
  dca3caab70dc5ced7b3887539dd0f4891e90a94969f85e4899667c4c695e1dd0ee2706202cee55197a18e8042a108ef9697015d6c7242b3e30243f30f401f92b
- SSDEEP
  
  6144:FT+FQobd7pswMHScIOq1G/PTRnC2CkErfog:gFhbGycBqwTRC2gcg
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2