72aa646a5043b6febe2d7c615e9f42e467e33308d14070dbd5158921b8cb2868 | Triage

Sharing

General

Target

81c84b2c57a4d5631e0a876f1b8a736b_JaffaCakes118
Size

245KB
Sample

240801-1aj3lawgpm
MD5

81c84b2c57a4d5631e0a876f1b8a736b
SHA1

dc31105d96b9f7146a23aa040c6e4ad63f4ef16f
SHA256

72aa646a5043b6febe2d7c615e9f42e467e33308d14070dbd5158921b8cb2868
SHA512

e35ff70f87b1dd1d3c1f8d80b0977a1f5b06b7b6a50e80d22f7a219ea44c9a9b5a3921053442d46ade02dad334a5ff093d7735f18dad8a4495daa2c8daafd586
SSDEEP

6144:dUtGQe1uvG9SnNOaF2iHuQLudYaID292oHxcsx7:dGfCu+9OOu77udYhM2oH+E7

Score

8^/10

defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  81c84b2c57a4d5631e0a876f1b8a736b_JaffaCakes118
- Size
  
  245KB
- MD5
  
  81c84b2c57a4d5631e0a876f1b8a736b
- SHA1
  
  dc31105d96b9f7146a23aa040c6e4ad63f4ef16f
- SHA256
  
  72aa646a5043b6febe2d7c615e9f42e467e33308d14070dbd5158921b8cb2868
- SHA512
  
  e35ff70f87b1dd1d3c1f8d80b0977a1f5b06b7b6a50e80d22f7a219ea44c9a9b5a3921053442d46ade02dad334a5ff093d7735f18dad8a4495daa2c8daafd586
- SSDEEP
  
  6144:dUtGQe1uvG9SnNOaF2iHuQLudYaID292oHxcsx7:dGfCu+9OOu77udYhM2oH+E7
Score

8^/10

defense_evasion discovery persistence
- Blocklisted process makes network request
- Server Software Component: Terminal Services DLL
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence

behavioral2