953fa4842e8792798378808a0618bbf18b76834683813a51d5a850c0ab7da41f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2de6375283559fcace989e930f9f1c2_JaffaCakes118
Size

392KB
Sample

240907-z95b5sydjd
MD5

d2de6375283559fcace989e930f9f1c2
SHA1

c15291f544574cbdb2868cb8a2e1644d1a791874
SHA256

953fa4842e8792798378808a0618bbf18b76834683813a51d5a850c0ab7da41f
SHA512

29051d6193028cdd8e16d92bc65812f71ce346ccc97ce2b294b534a38678c8a20985f4708838a953c8f66f8ce15e30855a24889f778e74f11cadcc50cbba4529
SSDEEP

12288:CDXUyau9eyDi8Zwb2FJxjTwQN5fg1Eth6XEb:eR9eyWKwkJxruLUb

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  d2de6375283559fcace989e930f9f1c2_JaffaCakes118
- Size
  
  392KB
- MD5
  
  d2de6375283559fcace989e930f9f1c2
- SHA1
  
  c15291f544574cbdb2868cb8a2e1644d1a791874
- SHA256
  
  953fa4842e8792798378808a0618bbf18b76834683813a51d5a850c0ab7da41f
- SHA512
  
  29051d6193028cdd8e16d92bc65812f71ce346ccc97ce2b294b534a38678c8a20985f4708838a953c8f66f8ce15e30855a24889f778e74f11cadcc50cbba4529
- SSDEEP
  
  12288:CDXUyau9eyDi8Zwb2FJxjTwQN5fg1Eth6XEb:eR9eyWKwkJxruLUb
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2