56bdf55dd0c9bcc1fe6da835c5e8a74a29b330adbb52b5026aae96c7df67d94d | Triage

Sharing

General

Target

b366a0c747fa84d262aadc58a825d6aa_JaffaCakes118
Size

392KB
Sample

240821-pbghba1dmm
MD5

b366a0c747fa84d262aadc58a825d6aa
SHA1

9d0c3aead0901543a038c4d0671d3f0d804e7632
SHA256

56bdf55dd0c9bcc1fe6da835c5e8a74a29b330adbb52b5026aae96c7df67d94d
SHA512

b4b934a9679d128540bdbe9ce4b677819ffa21c2d1939598d4bf4feee0003e0e82ac76a0f7514f90a78c0e2d5965486978947f9646df68f8fb91ca5de6d56241
SSDEEP

12288:d8aUyau9eyDi8Zwb2FJxjTwQN5fg1EtKV8P:d/9eyWKwkJxruno

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  b366a0c747fa84d262aadc58a825d6aa_JaffaCakes118
- Size
  
  392KB
- MD5
  
  b366a0c747fa84d262aadc58a825d6aa
- SHA1
  
  9d0c3aead0901543a038c4d0671d3f0d804e7632
- SHA256
  
  56bdf55dd0c9bcc1fe6da835c5e8a74a29b330adbb52b5026aae96c7df67d94d
- SHA512
  
  b4b934a9679d128540bdbe9ce4b677819ffa21c2d1939598d4bf4feee0003e0e82ac76a0f7514f90a78c0e2d5965486978947f9646df68f8fb91ca5de6d56241
- SSDEEP
  
  12288:d8aUyau9eyDi8Zwb2FJxjTwQN5fg1EtKV8P:d/9eyWKwkJxruno
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2