General
Target: be0bb427afb72750a32a7f79b4ba181f_JaffaCakes118
Size: 637KB
Sample: 240824-g3jgzsyfnq
MD5: be0bb427afb72750a32a7f79b4ba181f
SHA1: e3554be8302b82a84a8170f83b86ef53400b80a0
SHA256: 28300a26a2bf7ec64421f75d4cd245a868685e46cfd21dbf421a358990a91df2
SHA512: 9079809149bba7cead6623808a38d906ec221f59061194f7b308fef32e01f13dd8a5e3b4f521c5a5557e7dd3dbb61d372516c473b67214b7c527d756ac1dab16
SSDEEP: 12288:tFlcBrgLSp65MWy3uR88z4yBU/3qO5yx1rGrAt5OCHjgC0:WBrgLSp2MWy3ui8fBa+KTGjm
Static task: static1
Behavioral task: behavioral1
Sample: be0bb427afb72750a32a7f79b4ba181f_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: be0bb427afb72750a32a7f79b4ba181f_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Targets
Score: 8/10
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)