6180a981f9ea6c7d723adf87d04fe21dffc9b5f5759603ea0f20764164d640f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4abc368c1520f23dce1bfcac6496fac_JaffaCakes118
Size

149KB
Sample

240818-anglhsxgpq
MD5

a4abc368c1520f23dce1bfcac6496fac
SHA1

549253ad371634e655c3be6215e8da0f50d66207
SHA256

6180a981f9ea6c7d723adf87d04fe21dffc9b5f5759603ea0f20764164d640f5
SHA512

da02cbaea5fa23760fd765a2ae2520ec2831cc8e465132941b82189f3a92dba739882c78be88bb9ffb6b466bbccb09ef44129e78336814217fdf5de9ab251f04
SSDEEP

3072:QwkZLpqNDYm06rBSyvBhPI8c1xic81e5HUs9bBAXIrm:Qw8Lprm069SyvBGZajM5Hx9W4rm

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  a4abc368c1520f23dce1bfcac6496fac_JaffaCakes118
- Size
  
  149KB
- MD5
  
  a4abc368c1520f23dce1bfcac6496fac
- SHA1
  
  549253ad371634e655c3be6215e8da0f50d66207
- SHA256
  
  6180a981f9ea6c7d723adf87d04fe21dffc9b5f5759603ea0f20764164d640f5
- SHA512
  
  da02cbaea5fa23760fd765a2ae2520ec2831cc8e465132941b82189f3a92dba739882c78be88bb9ffb6b466bbccb09ef44129e78336814217fdf5de9ab251f04
- SSDEEP
  
  3072:QwkZLpqNDYm06rBSyvBhPI8c1xic81e5HUs9bBAXIrm:Qw8Lprm069SyvBGZajM5Hx9W4rm
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence