6c475401d3806efea375d1e823aef0b234b41ee49b0db4c9053b37d04aa339e2 | Triage

Sharing

General

Target

bcb98fd9f6a2fa5877592cd8e4e2417a_JaffaCakes118
Size

24KB
Sample

240823-w8d7sazclf
MD5

bcb98fd9f6a2fa5877592cd8e4e2417a
SHA1

c394c2f318e2b248a2ce350915b56f36e1b909fb
SHA256

6c475401d3806efea375d1e823aef0b234b41ee49b0db4c9053b37d04aa339e2
SHA512

d3d8364d470e24b75b16535465d66fd0042dbd5ad82ddeb0da6d1a33a95cc9a59ccb6204bdba527f85642d3ce145b333f9e2ed3a8853b054cac64dbf51db70b7
SSDEEP

192:/Tp0z+E+Wyska/f8T7NQa9l1UREImpnZ1I9yXWAEv:/TCv+WysM7mwoknk9yXWrv

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  bcb98fd9f6a2fa5877592cd8e4e2417a_JaffaCakes118
- Size
  
  24KB
- MD5
  
  bcb98fd9f6a2fa5877592cd8e4e2417a
- SHA1
  
  c394c2f318e2b248a2ce350915b56f36e1b909fb
- SHA256
  
  6c475401d3806efea375d1e823aef0b234b41ee49b0db4c9053b37d04aa339e2
- SHA512
  
  d3d8364d470e24b75b16535465d66fd0042dbd5ad82ddeb0da6d1a33a95cc9a59ccb6204bdba527f85642d3ce145b333f9e2ed3a8853b054cac64dbf51db70b7
- SSDEEP
  
  192:/Tp0z+E+Wyska/f8T7NQa9l1UREImpnZ1I9yXWAEv:/TCv+WysM7mwoknk9yXWrv
Score

8^/10

discovery evasion persistence
- Disables RegEdit via registry modification
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence