b3e54cf5aea671f07b64a3e2cadfa1dd3f8fa2c115cb0b0b966df2dd45658b1f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8512dc2ed565857f3d30211a7ebccf56_JaffaCakes118
Size

168KB
Sample

240810-gzy39syekl
MD5

8512dc2ed565857f3d30211a7ebccf56
SHA1

989866ab2972cfba78cde7e32c9ba33c99091e85
SHA256

b3e54cf5aea671f07b64a3e2cadfa1dd3f8fa2c115cb0b0b966df2dd45658b1f
SHA512

919b46a9ae3c1123c35ee3bcbea5bbb25af2f07ab9ae7637f9d1df7d5710234c314cea8765108e539e362bf40e469594f287922842fed1b1b62d7b800d9c0324
SSDEEP

1536:Dz43i6EJ02LyV3kFdp+0zI1ZBjhRDmmHeIcinLJcoHQHF3i6EJ02LyV3rEpn:DzLyV3kF21im+YLzLyV3Ipn

Score

10^/10

defense_evasion discovery evasion persistence

Malware Config

Targets

- Target
  
  8512dc2ed565857f3d30211a7ebccf56_JaffaCakes118
- Size
  
  168KB
- MD5
  
  8512dc2ed565857f3d30211a7ebccf56
- SHA1
  
  989866ab2972cfba78cde7e32c9ba33c99091e85
- SHA256
  
  b3e54cf5aea671f07b64a3e2cadfa1dd3f8fa2c115cb0b0b966df2dd45658b1f
- SHA512
  
  919b46a9ae3c1123c35ee3bcbea5bbb25af2f07ab9ae7637f9d1df7d5710234c314cea8765108e539e362bf40e469594f287922842fed1b1b62d7b800d9c0324
- SSDEEP
  
  1536:Dz43i6EJ02LyV3kFdp+0zI1ZBjhRDmmHeIcinLJcoHQHF3i6EJ02LyV3rEpn:DzLyV3kF21im+YLzLyV3Ipn
Score

10^/10

defense_evasion discovery evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Adds Run key to start application
  persistence
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Hide Artifacts: Hidden Users
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Hidden Users

Modify Registry

Credential Access

Discovery

Network Share Discovery

Permission Groups Discovery

Local Groups

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistence

behavioral2

defense_evasiondiscoveryevasionpersistence