General
-
Target
c98a7b86841d98955bc780e8b00bc346_JaffaCakes118
-
Size
912KB
-
Sample
240829-yve82a1anq
-
MD5
c98a7b86841d98955bc780e8b00bc346
-
SHA1
8b16a4161ae545e6f7d817510e14ce4707b8535a
-
SHA256
ff5eecb4705f68dbe7d24bbc7980df89246193bf3590db4cc5d83043b2e56fdf
-
SHA512
e247f14ca898f207d0743350fd6c3b75a8c8d346374eb818592d4b663d3b0a1488154eddf6be7e064e03e9cb2dc1a0041c98db1362fd45ad7db580a4990372a5
-
SSDEEP
12288:1kdWDrb2rIvclIqZWAegXlAy/GX8P+BJgj9ysqSqhrqTMTmyTQjTGToQWacfh5SP:1qWzX0GeWuGy/X+BJg4+2q6TvCZkaS
Static task
static1
Behavioral task
behavioral1
Sample
c98a7b86841d98955bc780e8b00bc346_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c98a7b86841d98955bc780e8b00bc346_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
c98a7b86841d98955bc780e8b00bc346_JaffaCakes118
-
Score
8/10
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Defense Evasion
Hide Artifacts
2
Hidden Files and Directories
2
Modify Registry
2