752d9e25236fb1cdf101f422ae48efa7a342598d9e6b0502b146e90867ccfdc8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

950eb7c431cb729f6aff9231dcf8b81b_JaffaCakes118
Size

444KB
Sample

240814-hppbratcmj
MD5

950eb7c431cb729f6aff9231dcf8b81b
SHA1

513d781a6b2a8eb0252b36d0db946b1b563823fd
SHA256

752d9e25236fb1cdf101f422ae48efa7a342598d9e6b0502b146e90867ccfdc8
SHA512

7679e92dc73c897013a7243deebf26822ae7bbe2f53be9f54ef8dd51e4641ff458dbf4178290fd771a75110939b900611aac91f2530d8a1133cb77b6467cfcca
SSDEEP

12288:qUNDcbel3ikOVJ2w0LmAGd7U9vD7YxVB8+:jKaLLZGd7U9r7G

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  950eb7c431cb729f6aff9231dcf8b81b_JaffaCakes118
- Size
  
  444KB
- MD5
  
  950eb7c431cb729f6aff9231dcf8b81b
- SHA1
  
  513d781a6b2a8eb0252b36d0db946b1b563823fd
- SHA256
  
  752d9e25236fb1cdf101f422ae48efa7a342598d9e6b0502b146e90867ccfdc8
- SHA512
  
  7679e92dc73c897013a7243deebf26822ae7bbe2f53be9f54ef8dd51e4641ff458dbf4178290fd771a75110939b900611aac91f2530d8a1133cb77b6467cfcca
- SSDEEP
  
  12288:qUNDcbel3ikOVJ2w0LmAGd7U9vD7YxVB8+:jKaLLZGd7U9r7G
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2