7e4b790acc4c1c45a81a986c561815786c0f96f295d4485306dea850ab1e6cdd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ffb422507d13561ade89a40ca785d94_JaffaCakes118
Size

460KB
Sample

240720-lrqt5swgkp
MD5

5ffb422507d13561ade89a40ca785d94
SHA1

d05b0e3969c0a3d1012aa75bf8d252bdda5ea906
SHA256

7e4b790acc4c1c45a81a986c561815786c0f96f295d4485306dea850ab1e6cdd
SHA512

05db449ccb6c137d947fb8fb00b6cec3a085505e21ad65dfd2a353e801c9440f3a5399804532c1a465974e68f4967ca580b01d32829aa330a33574f0afd453a0
SSDEEP

12288:pwOmbSkzjc/5/wv4BoL3vOncXewF5zd0sEt:pmukz4/fIAdQ2

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5ffb422507d13561ade89a40ca785d94_JaffaCakes118
- Size
  
  460KB
- MD5
  
  5ffb422507d13561ade89a40ca785d94
- SHA1
  
  d05b0e3969c0a3d1012aa75bf8d252bdda5ea906
- SHA256
  
  7e4b790acc4c1c45a81a986c561815786c0f96f295d4485306dea850ab1e6cdd
- SHA512
  
  05db449ccb6c137d947fb8fb00b6cec3a085505e21ad65dfd2a353e801c9440f3a5399804532c1a465974e68f4967ca580b01d32829aa330a33574f0afd453a0
- SSDEEP
  
  12288:pwOmbSkzjc/5/wv4BoL3vOncXewF5zd0sEt:pmukz4/fIAdQ2
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2