2c73896e63ee3a1270044447bf2d242309b5cd3ade6a4a2e9f06a388be5aa157 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e5d341a87c3770eb5870cbcef9f5eff_JaffaCakes118
Size

284KB
Sample

240812-md26pawhjm
MD5

8e5d341a87c3770eb5870cbcef9f5eff
SHA1

d4264457701a0221d34d1853dc02e242db991650
SHA256

2c73896e63ee3a1270044447bf2d242309b5cd3ade6a4a2e9f06a388be5aa157
SHA512

5e1556e4b792e13c3f0485ba98bf4a358dfd09951b6e6a2df358cb9c7e7b3978f5ac6e667b84e601e12e2b6826be610a70701052f652cd5d7a7a38800c1283ee
SSDEEP

3072:5TyYZ5msXpTFWbVx0Rf/Eat7DhZKtQZKQ3t0gj1XvdAPzoeUUlNQcL92D:/Z5ZFWbAR3pt7lZKaZKwt1JfdALofOx

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  8e5d341a87c3770eb5870cbcef9f5eff_JaffaCakes118
- Size
  
  284KB
- MD5
  
  8e5d341a87c3770eb5870cbcef9f5eff
- SHA1
  
  d4264457701a0221d34d1853dc02e242db991650
- SHA256
  
  2c73896e63ee3a1270044447bf2d242309b5cd3ade6a4a2e9f06a388be5aa157
- SHA512
  
  5e1556e4b792e13c3f0485ba98bf4a358dfd09951b6e6a2df358cb9c7e7b3978f5ac6e667b84e601e12e2b6826be610a70701052f652cd5d7a7a38800c1283ee
- SSDEEP
  
  3072:5TyYZ5msXpTFWbVx0Rf/Eat7DhZKtQZKQ3t0gj1XvdAPzoeUUlNQcL92D:/Z5ZFWbAR3pt7lZKaZKwt1JfdALofOx
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence