200fc406bc412862821033380b218d5919c370a2f0e7f331478d34d9500b70f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5efb13458bced6608b75796c348db937_JaffaCakes118
Size

197KB
Sample

240720-eshftszajf
MD5

5efb13458bced6608b75796c348db937
SHA1

69b374394df47de5c67275cdd1eeb30c56e7bdff
SHA256

200fc406bc412862821033380b218d5919c370a2f0e7f331478d34d9500b70f4
SHA512

3ced543be6077beceaa7bd6b2cb9fcc2557aacea89ec9eb8e669467b3f15394894b299f92c972546d9812bc2aed4426e74d5ca98682665968b9d098600054829
SSDEEP

3072:JnJ0V9X3g6gNWUudQetnUotgLluRFgyW8KMax8GD68PQenM1Q3Yf6h0qdjqXt6y:VJkpQcQAnlyLUWkaxx68PQWMr6Cq6

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  5efb13458bced6608b75796c348db937_JaffaCakes118
- Size
  
  197KB
- MD5
  
  5efb13458bced6608b75796c348db937
- SHA1
  
  69b374394df47de5c67275cdd1eeb30c56e7bdff
- SHA256
  
  200fc406bc412862821033380b218d5919c370a2f0e7f331478d34d9500b70f4
- SHA512
  
  3ced543be6077beceaa7bd6b2cb9fcc2557aacea89ec9eb8e669467b3f15394894b299f92c972546d9812bc2aed4426e74d5ca98682665968b9d098600054829
- SSDEEP
  
  3072:JnJ0V9X3g6gNWUudQetnUotgLluRFgyW8KMax8GD68PQenM1Q3Yf6h0qdjqXt6y:VJkpQcQAnlyLUWkaxx68PQWMr6Cq6
Score

7^/10

persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2