03fb859539df4c61c6653637ddb06b3c8d5de67dd34cf51e09d3f08fad021189 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7cf197995818ced0028405bc425f4dc_JaffaCakes118
Size

46KB
Sample

240822-qpsm6ssbkr
MD5

b7cf197995818ced0028405bc425f4dc
SHA1

289d2cfc84c64093ec8707f22fd3559833cda224
SHA256

03fb859539df4c61c6653637ddb06b3c8d5de67dd34cf51e09d3f08fad021189
SHA512

6651990312d22fd51401162b655f66c745bf1d9d09763ebb6c0044f597de58845b205e542f02588f987defe1974e1ead0fc866bdc1f18fd950da647a12bdaac3
SSDEEP

768:ESd3AsrIXEh8WfsztZGBYKu9G/ZyTZj1urLdHjsdwOhme/O2MFn4LXx:MIomsztd2l3lsmOhmyO1Fn49

Score

8^/10

defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  b7cf197995818ced0028405bc425f4dc_JaffaCakes118
- Size
  
  46KB
- MD5
  
  b7cf197995818ced0028405bc425f4dc
- SHA1
  
  289d2cfc84c64093ec8707f22fd3559833cda224
- SHA256
  
  03fb859539df4c61c6653637ddb06b3c8d5de67dd34cf51e09d3f08fad021189
- SHA512
  
  6651990312d22fd51401162b655f66c745bf1d9d09763ebb6c0044f597de58845b205e542f02588f987defe1974e1ead0fc866bdc1f18fd950da647a12bdaac3
- SSDEEP
  
  768:ESd3AsrIXEh8WfsztZGBYKu9G/ZyTZj1urLdHjsdwOhme/O2MFn4LXx:MIomsztd2l3lsmOhmyO1Fn49
Score

8^/10

defense_evasion discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence

behavioral2

defense_evasiondiscoverypersistence