c5b4087ffcc898d9acb757cf465a31018f835d1c0bb8176d8c9885914cc1d6a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96a533ad60e50d9e49a9a14cb533be6e_JaffaCakes118
Size

109KB
Sample

240814-ssledazbka
MD5

96a533ad60e50d9e49a9a14cb533be6e
SHA1

4853f8b698cd7c401b2f563a2ade5e779c85ac70
SHA256

c5b4087ffcc898d9acb757cf465a31018f835d1c0bb8176d8c9885914cc1d6a5
SHA512

37cfae19263d034cd32664f2f7f515b1c972a01052ee8fecd9e0aebbf0035ef0266b39b999314edd96dda7304d1c518482cfa5f85869869a6b0cdaba6f790165
SSDEEP

1536:SRRahOm52vcfKdqvHeE+3mnjRYLx1I0u4q52aHqMFooZhZWlYI/UH5ljaDFeTULT:SRRWgYD7OHq52apxZf1K5FQhtWvd

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  96a533ad60e50d9e49a9a14cb533be6e_JaffaCakes118
- Size
  
  109KB
- MD5
  
  96a533ad60e50d9e49a9a14cb533be6e
- SHA1
  
  4853f8b698cd7c401b2f563a2ade5e779c85ac70
- SHA256
  
  c5b4087ffcc898d9acb757cf465a31018f835d1c0bb8176d8c9885914cc1d6a5
- SHA512
  
  37cfae19263d034cd32664f2f7f515b1c972a01052ee8fecd9e0aebbf0035ef0266b39b999314edd96dda7304d1c518482cfa5f85869869a6b0cdaba6f790165
- SSDEEP
  
  1536:SRRahOm52vcfKdqvHeE+3mnjRYLx1I0u4q52aHqMFooZhZWlYI/UH5ljaDFeTULT:SRRWgYD7OHq52apxZf1K5FQhtWvd
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence