5154dcfedc8d82e0f8ba54f7a92d2841411bb181188569a62609fcbadfb04657 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acf33473dce0b784479f366ebac424bc_JaffaCakes118
Size

121KB
Sample

240819-222bmavclq
MD5

acf33473dce0b784479f366ebac424bc
SHA1

275760d40ccdadee76da305db92aef4edf71eab1
SHA256

5154dcfedc8d82e0f8ba54f7a92d2841411bb181188569a62609fcbadfb04657
SHA512

95f4f26d5dd394fc751d5573b5f4da4dd0f06c72a0918d3166661fcb8d137451a1a36779d0e12778377bc1f6119a9b301bf27fb0e7b07bd6fe2472ebe2fe8f86
SSDEEP

3072:XC4m03cj/UtPWSqbMhBVY1tMwiHbgqv+:XPm03+UtPWR03Y1t

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  acf33473dce0b784479f366ebac424bc_JaffaCakes118
- Size
  
  121KB
- MD5
  
  acf33473dce0b784479f366ebac424bc
- SHA1
  
  275760d40ccdadee76da305db92aef4edf71eab1
- SHA256
  
  5154dcfedc8d82e0f8ba54f7a92d2841411bb181188569a62609fcbadfb04657
- SHA512
  
  95f4f26d5dd394fc751d5573b5f4da4dd0f06c72a0918d3166661fcb8d137451a1a36779d0e12778377bc1f6119a9b301bf27fb0e7b07bd6fe2472ebe2fe8f86
- SSDEEP
  
  3072:XC4m03cj/UtPWSqbMhBVY1tMwiHbgqv+:XPm03+UtPWR03Y1t
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence