cbe02fdbf5d505e903f340ccefe5c02a411616b4d4225a8e3fce934a5669449b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa9a3e950f89d95d084a61eb3d4a7e37_JaffaCakes118
Size

1.9MB
Sample

240819-l8822sybje
MD5

aa9a3e950f89d95d084a61eb3d4a7e37
SHA1

c6878743a953fecc4b0ad00fd5d8021f758808a4
SHA256

cbe02fdbf5d505e903f340ccefe5c02a411616b4d4225a8e3fce934a5669449b
SHA512

4f390f83be79239f9c64e8699d196b8051003d0e14661502a3e44d674215de029628a85835377e5400ef1d4f45ad863d5cf37cb9cf6b1cedb7de2755ba728955
SSDEEP

12288:ZkgDGQvpDRrwVim70i9ECEHLixStkLhB4GZT7BZTwGlknTsR1Md+MfQ3ZPh6kPOx:Zpqatk1iAWsKdiNoL60HLtaD8

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  aa9a3e950f89d95d084a61eb3d4a7e37_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  aa9a3e950f89d95d084a61eb3d4a7e37
- SHA1
  
  c6878743a953fecc4b0ad00fd5d8021f758808a4
- SHA256
  
  cbe02fdbf5d505e903f340ccefe5c02a411616b4d4225a8e3fce934a5669449b
- SHA512
  
  4f390f83be79239f9c64e8699d196b8051003d0e14661502a3e44d674215de029628a85835377e5400ef1d4f45ad863d5cf37cb9cf6b1cedb7de2755ba728955
- SSDEEP
  
  12288:ZkgDGQvpDRrwVim70i9ECEHLixStkLhB4GZT7BZTwGlknTsR1Md+MfQ3ZPh6kPOx:Zpqatk1iAWsKdiNoL60HLtaD8
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2