c27a2105a8e2cd7d522c2b4271f5eb1ef8beaec014480f8e4edbd012a3fc62e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6033f782e5691768b1e2708c8a316f24_JaffaCakes118
Size

342KB
Sample

240720-19wknsxhkg
MD5

6033f782e5691768b1e2708c8a316f24
SHA1

433ab616adcb5364a5515f993dd97414bfdf2055
SHA256

c27a2105a8e2cd7d522c2b4271f5eb1ef8beaec014480f8e4edbd012a3fc62e5
SHA512

099e8ed6015bbdaaffee633c3f3c2e5befbd6cd2f5870e4b715362e0517c0ba49ceaa21f0b747d1fd95e3540d2b651256bc595a420685582e2f1278f3df71639
SSDEEP

6144:Zt42S9Beu7vLKU5m0+iiZHJoa5qT0Ag6oFFRBGnGCRxX6K+:tyBe2Y0+iiZpJNANCFRBGGcl6z

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  6033f782e5691768b1e2708c8a316f24_JaffaCakes118
- Size
  
  342KB
- MD5
  
  6033f782e5691768b1e2708c8a316f24
- SHA1
  
  433ab616adcb5364a5515f993dd97414bfdf2055
- SHA256
  
  c27a2105a8e2cd7d522c2b4271f5eb1ef8beaec014480f8e4edbd012a3fc62e5
- SHA512
  
  099e8ed6015bbdaaffee633c3f3c2e5befbd6cd2f5870e4b715362e0517c0ba49ceaa21f0b747d1fd95e3540d2b651256bc595a420685582e2f1278f3df71639
- SSDEEP
  
  6144:Zt42S9Beu7vLKU5m0+iiZHJoa5qT0Ag6oFFRBGnGCRxX6K+:tyBe2Y0+iiZpJNANCFRBGGcl6z
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2