2202d569f96eb49bd8e7fc67b997aaaa7fa5563ec88d7fd33a79f932986a4798 | Triage

Sharing

General

Target

c289673501474f7fec2b16f435c90771_JaffaCakes118
Size

226KB
Sample

240826-ja1xnstejl
MD5

c289673501474f7fec2b16f435c90771
SHA1

0a5ee84f20863c5db6f0a71915ead920201df177
SHA256

2202d569f96eb49bd8e7fc67b997aaaa7fa5563ec88d7fd33a79f932986a4798
SHA512

d174bb6ba349ff47e36d9065e0ce396513631f80586a6e8eaaa0eccd2b017bd673dbd7717387b37333ccc0436683e8464acecf56abcb2f5be881fc56a0b0c086
SSDEEP

6144:aBBXY/rEv4AA2YMHScF1VXCaailJhApl:oIZAfB1VS

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c289673501474f7fec2b16f435c90771_JaffaCakes118
- Size
  
  226KB
- MD5
  
  c289673501474f7fec2b16f435c90771
- SHA1
  
  0a5ee84f20863c5db6f0a71915ead920201df177
- SHA256
  
  2202d569f96eb49bd8e7fc67b997aaaa7fa5563ec88d7fd33a79f932986a4798
- SHA512
  
  d174bb6ba349ff47e36d9065e0ce396513631f80586a6e8eaaa0eccd2b017bd673dbd7717387b37333ccc0436683e8464acecf56abcb2f5be881fc56a0b0c086
- SSDEEP
  
  6144:aBBXY/rEv4AA2YMHScF1VXCaailJhApl:oIZAfB1VS
Score

7^/10

discovery persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence