b94b077a0f2b67724292eb24181801b11590e9bb3c6292998652384a8a8452a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d378d17837fbbd7e16d8cbf78a5a917c_JaffaCakes118
Size

28KB
Sample

240908-edxbfawerf
MD5

d378d17837fbbd7e16d8cbf78a5a917c
SHA1

25aa1c815c3e23059e9cf676a45ec720ae2f09e1
SHA256

b94b077a0f2b67724292eb24181801b11590e9bb3c6292998652384a8a8452a0
SHA512

ad1d53fe68e490fe73dd6ccc07f63a0b299bff8b26672ffd0ae2ed41294e433dcbcd1a8268ce56545635e5a93c3d701865bf19ec416622bc0d208c05301ecb26
SSDEEP

384:7Yzwaj1VC7JaXzzp0dgbTbt0DNKyE8ycyXZ9BhgZ09gEqW0Vw0C:5ajfqJMzNp5p3hs0qLVw0C

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  d378d17837fbbd7e16d8cbf78a5a917c_JaffaCakes118
- Size
  
  28KB
- MD5
  
  d378d17837fbbd7e16d8cbf78a5a917c
- SHA1
  
  25aa1c815c3e23059e9cf676a45ec720ae2f09e1
- SHA256
  
  b94b077a0f2b67724292eb24181801b11590e9bb3c6292998652384a8a8452a0
- SHA512
  
  ad1d53fe68e490fe73dd6ccc07f63a0b299bff8b26672ffd0ae2ed41294e433dcbcd1a8268ce56545635e5a93c3d701865bf19ec416622bc0d208c05301ecb26
- SSDEEP
  
  384:7Yzwaj1VC7JaXzzp0dgbTbt0DNKyE8ycyXZ9BhgZ09gEqW0Vw0C:5ajfqJMzNp5p3hs0qLVw0C
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2