General
-
Target
af10deae5b6f71130260467d877a4661_JaffaCakes118
-
Size
149KB
-
Sample
240820-nrne5azama
-
MD5
af10deae5b6f71130260467d877a4661
-
SHA1
0935a1a1ad83f1bb49197b992ed6b03e3b3de39a
-
SHA256
b8ac4309b319dae0fced99da3a92eb5f4e3bc93a948edd4937bb5f526fb8774f
-
SHA512
8a657381926888371d29151b5d9a59a1f93fde9c3a5e705ea2bde0f8104146c23100fc516ab35affdf26db43966714d8cde1b2752a390d55378343ea7be256e4
-
SSDEEP
3072:eDMEsdcg9+xQgxbDVigBV1mkQcW6qXS7wtO9cGxexelQlPM:e+NkxQPgXUclqXS8A9cG8JM
Static task
static1
Behavioral task
behavioral1
Sample
af10deae5b6f71130260467d877a4661_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
af10deae5b6f71130260467d877a4661_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 1
AppInit DLLs: 1