25dcee458e90ea1e97c9904fdf18e81bb3ed3c0e745ab5bb2e6809be3d17eef8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3c9a64ded063b417724e0130e1beada_JaffaCakes118
Size

125KB
Sample

240908-hnp7navaph
MD5

d3c9a64ded063b417724e0130e1beada
SHA1

94ae638ae93ef175475e9251c1a8c49b6fab607c
SHA256

25dcee458e90ea1e97c9904fdf18e81bb3ed3c0e745ab5bb2e6809be3d17eef8
SHA512

b9f49be54464ed23f526d4140282cddb85b4201a4fc409d213201440c88b05e3ff91b15b4f767ddb0704a7932503ee78b253694b8aff4f4b65abf88ef563c09a
SSDEEP

3072:JA5BLfDtRO4TYJ8jLdJG9EYuHX2TzVuw2pyNtFP61qMuFHuK+KlHaNJn:JA5Z7tRO4TYCC9EYaO49Q53MuHufLn

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  d3c9a64ded063b417724e0130e1beada_JaffaCakes118
- Size
  
  125KB
- MD5
  
  d3c9a64ded063b417724e0130e1beada
- SHA1
  
  94ae638ae93ef175475e9251c1a8c49b6fab607c
- SHA256
  
  25dcee458e90ea1e97c9904fdf18e81bb3ed3c0e745ab5bb2e6809be3d17eef8
- SHA512
  
  b9f49be54464ed23f526d4140282cddb85b4201a4fc409d213201440c88b05e3ff91b15b4f767ddb0704a7932503ee78b253694b8aff4f4b65abf88ef563c09a
- SSDEEP
  
  3072:JA5BLfDtRO4TYJ8jLdJG9EYuHX2TzVuw2pyNtFP61qMuFHuK+KlHaNJn:JA5Z7tRO4TYCC9EYaO49Q53MuHufLn
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence