a5e488c1fd20c4b5dd0214ed39136ef5278cae40aaf3b8098e53e3e8f75f5f46 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65ae5b57f3fcc199726554c5ca17082b_JaffaCakes118
Size

568KB
Sample

240723-b88q6s1are
MD5

65ae5b57f3fcc199726554c5ca17082b
SHA1

34db5e500a0518de9c2830fbdaab720819062520
SHA256

a5e488c1fd20c4b5dd0214ed39136ef5278cae40aaf3b8098e53e3e8f75f5f46
SHA512

39e58ddaef5a0005379a03a20bd029ae5102061b7254eccb063dfbca6406fb979e132a3d83f36ef87fa8ecef9f3fb0643c2f49510c78109a1ca343d5a6fec62d
SSDEEP

12288:gm1k2bTK/e+F8HqXblYgIdwCXxvLR+Eo8AFQp5E2awrp5GiKG2JvCI8o+:/x87OXNR+VaEmQ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  65ae5b57f3fcc199726554c5ca17082b_JaffaCakes118
- Size
  
  568KB
- MD5
  
  65ae5b57f3fcc199726554c5ca17082b
- SHA1
  
  34db5e500a0518de9c2830fbdaab720819062520
- SHA256
  
  a5e488c1fd20c4b5dd0214ed39136ef5278cae40aaf3b8098e53e3e8f75f5f46
- SHA512
  
  39e58ddaef5a0005379a03a20bd029ae5102061b7254eccb063dfbca6406fb979e132a3d83f36ef87fa8ecef9f3fb0643c2f49510c78109a1ca343d5a6fec62d
- SSDEEP
  
  12288:gm1k2bTK/e+F8HqXblYgIdwCXxvLR+Eo8AFQp5E2awrp5GiKG2JvCI8o+:/x87OXNR+VaEmQ
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence