1518a6c3c826c9e8a8344d9385361234474374e363648978b70b92eb78df7ba2 | Triage

Sharing

General

Target

b5dde1b6c9a81d5cda0a623d9c5aeadc_JaffaCakes118
Size

149KB
Sample

240822-b4vzhswbmj
MD5

b5dde1b6c9a81d5cda0a623d9c5aeadc
SHA1

36c2d10d74587fa758504c710fbb5a900e0e6c0f
SHA256

1518a6c3c826c9e8a8344d9385361234474374e363648978b70b92eb78df7ba2
SHA512

29b430ec469cb95b88936b4bb6f12d3cfe7f95096af5032e03f3fddf577d981ed19860441d401488247dadd596d64287ddf022e6457eb379f12e35394eba4d2c
SSDEEP

3072:DRQG1hLvAs2J88HTq0+k56kibCu9PSWcBWlJkL/:DJhLoZS8HTq0+G6kltMkL/

Score

8^/10

discovery evasion

Malware Config

Targets

- Target
  
  b5dde1b6c9a81d5cda0a623d9c5aeadc_JaffaCakes118
- Size
  
  149KB
- MD5
  
  b5dde1b6c9a81d5cda0a623d9c5aeadc
- SHA1
  
  36c2d10d74587fa758504c710fbb5a900e0e6c0f
- SHA256
  
  1518a6c3c826c9e8a8344d9385361234474374e363648978b70b92eb78df7ba2
- SHA512
  
  29b430ec469cb95b88936b4bb6f12d3cfe7f95096af5032e03f3fddf577d981ed19860441d401488247dadd596d64287ddf022e6457eb379f12e35394eba4d2c
- SSDEEP
  
  3072:DRQG1hLvAs2J88HTq0+k56kibCu9PSWcBWlJkL/:DJhLoZS8HTq0+G6kltMkL/
Score

8^/10

discovery evasion
- Looks for VMWare Tools registry key
  evasion
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion