gh0strat | a2fb397461d74213d9861d87d880390299d395a26852c0d1c30337bcb6e4567e | Triage

Sharing

General

Target

b2d1903f12411593c4ddd0fccde50319_JaffaCakes118
Size

184KB
Sample

240821-kqvw2atarl
MD5

b2d1903f12411593c4ddd0fccde50319
SHA1

ba9f90f96f92d0c040a61de8939ae2a0f2d2b5c9
SHA256

a2fb397461d74213d9861d87d880390299d395a26852c0d1c30337bcb6e4567e
SHA512

fdeb887c20d9ff21ebcf0c8f2d30759c37838324c6232e5b03bd5c00a74c23bd6385cf96a26b9a38d2c770892e7db6c68ce94ebf0f3c538c5ee4889162ece159
SSDEEP

3072:mtaBk6WvG9v4j63IWg/1y14FDTZ2WRDiPa3TBft8nIiHtLlmI:GaBk6Wvgvw7H/8167hiPa3TBl8nIiHtT

Score

10^/10

gh0strat discovery persistence

Malware Config

Targets

- Target
  
  b2d1903f12411593c4ddd0fccde50319_JaffaCakes118
- Size
  
  184KB
- MD5
  
  b2d1903f12411593c4ddd0fccde50319
- SHA1
  
  ba9f90f96f92d0c040a61de8939ae2a0f2d2b5c9
- SHA256
  
  a2fb397461d74213d9861d87d880390299d395a26852c0d1c30337bcb6e4567e
- SHA512
  
  fdeb887c20d9ff21ebcf0c8f2d30759c37838324c6232e5b03bd5c00a74c23bd6385cf96a26b9a38d2c770892e7db6c68ce94ebf0f3c538c5ee4889162ece159
- SSDEEP
  
  3072:mtaBk6WvG9v4j63IWg/1y14FDTZ2WRDiPa3TBft8nIiHtLlmI:GaBk6Wvgvw7H/8167hiPa3TBl8nIiHtT
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence