ceaee0c1d50ee6bea2bd1dabe03e4ff7fb3c9a5ddcdc992bab85ea58b05e15b4 | Triage

Sharing

General

Target

a6c254a7704f918c3c17ab73192ccd29_JaffaCakes118
Size

388KB
Sample

240818-p85amsxcjp
MD5

a6c254a7704f918c3c17ab73192ccd29
SHA1

d7edcb7312309f59144c17f32a301692534b003d
SHA256

ceaee0c1d50ee6bea2bd1dabe03e4ff7fb3c9a5ddcdc992bab85ea58b05e15b4
SHA512

07d25e7ea37be29a1e174a61d7fd5b3fd14a6ea951bd0cce258a85229edf669d1b16ec9955477a4c6ffeaa9f651c8817ab94179d66c78fc4904bf8546c90b28b
SSDEEP

12288:MXgfjm9PxPFVYqWNTO6V+n75cIO3VJ1b:zfy9pF+qWN7+75cR3Vr

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  a6c254a7704f918c3c17ab73192ccd29_JaffaCakes118
- Size
  
  388KB
- MD5
  
  a6c254a7704f918c3c17ab73192ccd29
- SHA1
  
  d7edcb7312309f59144c17f32a301692534b003d
- SHA256
  
  ceaee0c1d50ee6bea2bd1dabe03e4ff7fb3c9a5ddcdc992bab85ea58b05e15b4
- SHA512
  
  07d25e7ea37be29a1e174a61d7fd5b3fd14a6ea951bd0cce258a85229edf669d1b16ec9955477a4c6ffeaa9f651c8817ab94179d66c78fc4904bf8546c90b28b
- SSDEEP
  
  12288:MXgfjm9PxPFVYqWNTO6V+n75cIO3VJ1b:zfy9pF+qWN7+75cR3Vr
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2