91adc91b987483cd58b894c01f7bed438ee611f2b4b4bfbb32a2b03f52880f84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c46cfbc79a1b383ba28961da12621b3_JaffaCakes118
Size

408KB
Sample

240811-2nr6ssselr
MD5

8c46cfbc79a1b383ba28961da12621b3
SHA1

84234beb857e3cc41d45b7519f6f6e691d95caa8
SHA256

91adc91b987483cd58b894c01f7bed438ee611f2b4b4bfbb32a2b03f52880f84
SHA512

301b2fb0592c077b2406f77e394f8b80dd0a8c3b7508dacaeffb9bbed47510e03a9bd763e036040cee0e6fbed7ee6001c2a958597c554af1797b071b73ce3081
SSDEEP

12288:0q4QShw323n5cM1NtNy6hKlTwiJa2G9pMN:TS5TXNVAwiHG9pMN

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  8c46cfbc79a1b383ba28961da12621b3_JaffaCakes118
- Size
  
  408KB
- MD5
  
  8c46cfbc79a1b383ba28961da12621b3
- SHA1
  
  84234beb857e3cc41d45b7519f6f6e691d95caa8
- SHA256
  
  91adc91b987483cd58b894c01f7bed438ee611f2b4b4bfbb32a2b03f52880f84
- SHA512
  
  301b2fb0592c077b2406f77e394f8b80dd0a8c3b7508dacaeffb9bbed47510e03a9bd763e036040cee0e6fbed7ee6001c2a958597c554af1797b071b73ce3081
- SSDEEP
  
  12288:0q4QShw323n5cM1NtNy6hKlTwiJa2G9pMN:TS5TXNVAwiHG9pMN
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2