0ac068468a36991e6fa6fd80470b9f624d1a9c4efe34813ddc43e555d7eb3122 | Triage

Sharing

General

Target

5ccc51f168e50e2ed218d48a705eb34f_JaffaCakes118
Size

391KB
Sample

240719-valzastfrf
MD5

5ccc51f168e50e2ed218d48a705eb34f
SHA1

508da33861ca598cc24ecf6a31834438711ff38c
SHA256

0ac068468a36991e6fa6fd80470b9f624d1a9c4efe34813ddc43e555d7eb3122
SHA512

2be78de4f292225159784cc92d8a786861a1b4bfed3d8079c7dce60a1099f741f10956333bfa489dd6035b253e20dc93b5f295c044ce61a662d080c1b8f11f98
SSDEEP

12288:0cwHp6Q14ayTdSp+QrXsN0B5j4NI223aKF7:0VZ7yhaRXs2QqCKF7

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5ccc51f168e50e2ed218d48a705eb34f_JaffaCakes118
- Size
  
  391KB
- MD5
  
  5ccc51f168e50e2ed218d48a705eb34f
- SHA1
  
  508da33861ca598cc24ecf6a31834438711ff38c
- SHA256
  
  0ac068468a36991e6fa6fd80470b9f624d1a9c4efe34813ddc43e555d7eb3122
- SHA512
  
  2be78de4f292225159784cc92d8a786861a1b4bfed3d8079c7dce60a1099f741f10956333bfa489dd6035b253e20dc93b5f295c044ce61a662d080c1b8f11f98
- SSDEEP
  
  12288:0cwHp6Q14ayTdSp+QrXsN0B5j4NI223aKF7:0VZ7yhaRXs2QqCKF7
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2