2c402449d8208be9c7547e67ca5ed1c7bbacba1f8cea00b727cf0e47e8beeb6d | Triage

Sharing

General

Target

89f612e1a71574eb7670bb65a11f150a_JaffaCakes118
Size

128KB
Sample

240811-l5t4qaygrb
MD5

89f612e1a71574eb7670bb65a11f150a
SHA1

e1f637ccc9166b8913b21afe795ba3782bd69141
SHA256

2c402449d8208be9c7547e67ca5ed1c7bbacba1f8cea00b727cf0e47e8beeb6d
SHA512

be4c5b49274b76743e2eda76c0d576a4e89b1f9a350f7e00b567337f223b67eaf4cf886899f9c18b1ff8c5bb3cc4164b23318d0414a84808707d9a5ff9edb68b
SSDEEP

3072:gGsu/6yr9fz8T67+RZGwThMo1Crzxrx5H:gGv/6yRfzY6IVT9qzBx5

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  89f612e1a71574eb7670bb65a11f150a_JaffaCakes118
- Size
  
  128KB
- MD5
  
  89f612e1a71574eb7670bb65a11f150a
- SHA1
  
  e1f637ccc9166b8913b21afe795ba3782bd69141
- SHA256
  
  2c402449d8208be9c7547e67ca5ed1c7bbacba1f8cea00b727cf0e47e8beeb6d
- SHA512
  
  be4c5b49274b76743e2eda76c0d576a4e89b1f9a350f7e00b567337f223b67eaf4cf886899f9c18b1ff8c5bb3cc4164b23318d0414a84808707d9a5ff9edb68b
- SSDEEP
  
  3072:gGsu/6yr9fz8T67+RZGwThMo1Crzxrx5H:gGv/6yRfzY6IVT9qzBx5
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence