12dda67ad41f60836db8264949d9868f88e5c2beed54ada627c94131fed35d75 | Triage

Sharing

General

Target

c882e402abf5218a6af00dddc6385327_JaffaCakes118
Size

432KB
Sample

240829-kr6d6asfld
MD5

c882e402abf5218a6af00dddc6385327
SHA1

6a025fc44fc500111f8daf980e12e21e9691da72
SHA256

12dda67ad41f60836db8264949d9868f88e5c2beed54ada627c94131fed35d75
SHA512

f205668101037f2046888d9908d1b8b6e08a3f4fc6c4812c9ad0b5f8017ca014b8f7786309a80648fb3570508ba3e83bc7642d02e985fdf138df102043c71c01
SSDEEP

12288:gyiHDBNOMpAaBYUAXqM5Pyfs79r+XFauktB9BI:gycDBkraB7AX75FuCB9BI

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  c882e402abf5218a6af00dddc6385327_JaffaCakes118
- Size
  
  432KB
- MD5
  
  c882e402abf5218a6af00dddc6385327
- SHA1
  
  6a025fc44fc500111f8daf980e12e21e9691da72
- SHA256
  
  12dda67ad41f60836db8264949d9868f88e5c2beed54ada627c94131fed35d75
- SHA512
  
  f205668101037f2046888d9908d1b8b6e08a3f4fc6c4812c9ad0b5f8017ca014b8f7786309a80648fb3570508ba3e83bc7642d02e985fdf138df102043c71c01
- SSDEEP
  
  12288:gyiHDBNOMpAaBYUAXqM5Pyfs79r+XFauktB9BI:gycDBkraB7AX75FuCB9BI
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2