fbb2756ff4e2c253639a138cd2360414120fa4509e35f925050691e16f679ae4 | Triage

Sharing

General

Target

8223474c242b93452847f1da39c47eeb_JaffaCakes118
Size

918KB
Sample

240801-3c8j3ssbpp
MD5

8223474c242b93452847f1da39c47eeb
SHA1

7e9d4f7da1143f743f9579dcd85cf99a090001f7
SHA256

fbb2756ff4e2c253639a138cd2360414120fa4509e35f925050691e16f679ae4
SHA512

06c2344c0c5f0c03b977b9c0062163d24922ab5f035c443ffa37508dd6597164db76ba94aae01ae93e363148784da54ac51ec21923d5edb27c7d96f5f73fbeac
SSDEEP

24576:b1gGx1bmiKp4ktHiE6mBcrcP5cCcMPmiEl/r:bJm7V75El

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  8223474c242b93452847f1da39c47eeb_JaffaCakes118
- Size
  
  918KB
- MD5
  
  8223474c242b93452847f1da39c47eeb
- SHA1
  
  7e9d4f7da1143f743f9579dcd85cf99a090001f7
- SHA256
  
  fbb2756ff4e2c253639a138cd2360414120fa4509e35f925050691e16f679ae4
- SHA512
  
  06c2344c0c5f0c03b977b9c0062163d24922ab5f035c443ffa37508dd6597164db76ba94aae01ae93e363148784da54ac51ec21923d5edb27c7d96f5f73fbeac
- SSDEEP
  
  24576:b1gGx1bmiKp4ktHiE6mBcrcP5cCcMPmiEl/r:bJm7V75El
Score

8^/10

discovery evasion persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence