82b2c897ab940ab11d2f6f7cb78eb2c192adf6bc1df8256021cb8905b4f87f5d | Triage

Sharing

General

Target

a4d0e1ea56cf8501c50580c9e9bfe72e_JaffaCakes118
Size

444KB
Sample

240818-bj8pwaxclc
MD5

a4d0e1ea56cf8501c50580c9e9bfe72e
SHA1

02f328024cd73e81b3ffddea3bf2fc2a88b27e83
SHA256

82b2c897ab940ab11d2f6f7cb78eb2c192adf6bc1df8256021cb8905b4f87f5d
SHA512

f6f92e7803adb73fcc37cd2a75b0340eeb35a3f183c2f435e2b720991a12cb3e3b4297c488e7fd90529bc2936a602c9d2294ad51fe81bb9510ab8f8cfd03b763
SSDEEP

12288:SUNDcbel3ikOVJ2w0LmAGd7U9vD7YxVB8+:7KaLLZGd7U9r7G

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  a4d0e1ea56cf8501c50580c9e9bfe72e_JaffaCakes118
- Size
  
  444KB
- MD5
  
  a4d0e1ea56cf8501c50580c9e9bfe72e
- SHA1
  
  02f328024cd73e81b3ffddea3bf2fc2a88b27e83
- SHA256
  
  82b2c897ab940ab11d2f6f7cb78eb2c192adf6bc1df8256021cb8905b4f87f5d
- SHA512
  
  f6f92e7803adb73fcc37cd2a75b0340eeb35a3f183c2f435e2b720991a12cb3e3b4297c488e7fd90529bc2936a602c9d2294ad51fe81bb9510ab8f8cfd03b763
- SSDEEP
  
  12288:SUNDcbel3ikOVJ2w0LmAGd7U9vD7YxVB8+:7KaLLZGd7U9r7G
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2