5df9522e6459cea0a225484917c70db13c9aa36a08d786f4fa8ce0f4cf1c60b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0edc8fe04366184fb69e3f9064f079a_JaffaCakes118
Size

148KB
Sample

240907-degfya1flk
MD5

d0edc8fe04366184fb69e3f9064f079a
SHA1

491bec7e51cdea1d798342cf276b2ea842fb5f0e
SHA256

5df9522e6459cea0a225484917c70db13c9aa36a08d786f4fa8ce0f4cf1c60b1
SHA512

20f3b9b16040847f926b605e2b8671554784ffcff51a383f505ec6bb5e22b53148a4c1d4cb92b506b5e356edd8051dca1f925656066ff76b8f13c42ace0d1160
SSDEEP

3072:oTclhu8RMa5qexDRppTBVRft5Z/TJFX0cm:pfu8Ka7DxHRft5VTDtm

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  d0edc8fe04366184fb69e3f9064f079a_JaffaCakes118
- Size
  
  148KB
- MD5
  
  d0edc8fe04366184fb69e3f9064f079a
- SHA1
  
  491bec7e51cdea1d798342cf276b2ea842fb5f0e
- SHA256
  
  5df9522e6459cea0a225484917c70db13c9aa36a08d786f4fa8ce0f4cf1c60b1
- SHA512
  
  20f3b9b16040847f926b605e2b8671554784ffcff51a383f505ec6bb5e22b53148a4c1d4cb92b506b5e356edd8051dca1f925656066ff76b8f13c42ace0d1160
- SSDEEP
  
  3072:oTclhu8RMa5qexDRppTBVRft5Z/TJFX0cm:pfu8Ka7DxHRft5VTDtm
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2