5bf805e95cec883b5f27849d959ee470d0dc2449021a36be798204ad530f6209 | Triage

Sharing

General

Target

86e895edd25b9f6f6abd29bd5f565e82_JaffaCakes118
Size

307KB
Sample

240810-vjprjsyekm
MD5

86e895edd25b9f6f6abd29bd5f565e82
SHA1

b60bffbfa58a2b489e281cea904477dea616c8fd
SHA256

5bf805e95cec883b5f27849d959ee470d0dc2449021a36be798204ad530f6209
SHA512

af96680245a38d0939c017ba6dce367caa3843a13dd2b258c76903a2c2fe99eaa1fc05b8eae724e2917353e7d3a074f7a41b3ed19601406dba5a16f7b3afdd0a
SSDEEP

6144:/IdC570d+yY9kHUZ+5gBN0fJwbZ1gSRzDvli7Oq:kC57fHk0yJf79

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  86e895edd25b9f6f6abd29bd5f565e82_JaffaCakes118
- Size
  
  307KB
- MD5
  
  86e895edd25b9f6f6abd29bd5f565e82
- SHA1
  
  b60bffbfa58a2b489e281cea904477dea616c8fd
- SHA256
  
  5bf805e95cec883b5f27849d959ee470d0dc2449021a36be798204ad530f6209
- SHA512
  
  af96680245a38d0939c017ba6dce367caa3843a13dd2b258c76903a2c2fe99eaa1fc05b8eae724e2917353e7d3a074f7a41b3ed19601406dba5a16f7b3afdd0a
- SSDEEP
  
  6144:/IdC570d+yY9kHUZ+5gBN0fJwbZ1gSRzDvli7Oq:kC57fHk0yJf79
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence