a4580a2d6b3fd6718473e696572ea0e750344707fae3e7de574409260ad92ee3 | Triage

Sharing

General

Target

b3ba3dd911ac3ad6da40b13b666310a1_JaffaCakes118
Size

476KB
Sample

240821-q853lsvgpn
MD5

b3ba3dd911ac3ad6da40b13b666310a1
SHA1

1b6b6e551ac2dce5e7abb9c17d693288a4a1402a
SHA256

a4580a2d6b3fd6718473e696572ea0e750344707fae3e7de574409260ad92ee3
SHA512

ad2d4d502adcce2228027cf1c2fa3c84bf276ddb80f5e76326f88d89980ea033efa3ac61dd2f51e9f561e8f31850bb9eff2d615c3ecdb7df78cca91be7a1bbc0
SSDEEP

12288:bG9uP69XK2bnRlUM50St9b4ZZj0rwySz7:MbNK2R6Mzg0kyS

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  b3ba3dd911ac3ad6da40b13b666310a1_JaffaCakes118
- Size
  
  476KB
- MD5
  
  b3ba3dd911ac3ad6da40b13b666310a1
- SHA1
  
  1b6b6e551ac2dce5e7abb9c17d693288a4a1402a
- SHA256
  
  a4580a2d6b3fd6718473e696572ea0e750344707fae3e7de574409260ad92ee3
- SHA512
  
  ad2d4d502adcce2228027cf1c2fa3c84bf276ddb80f5e76326f88d89980ea033efa3ac61dd2f51e9f561e8f31850bb9eff2d615c3ecdb7df78cca91be7a1bbc0
- SSDEEP
  
  12288:bG9uP69XK2bnRlUM50St9b4ZZj0rwySz7:MbNK2R6Mzg0kyS
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2