b8a59b313b6139e4f76fa38e89e110c2a48232793e6fd7fca13cc7a7b14931ed | Triage

Sharing

General

Target

d56612f0bd5ecaacdcf880705632f542_JaffaCakes118
Size

68KB
Sample

240909-a8pgvstejq
MD5

d56612f0bd5ecaacdcf880705632f542
SHA1

d5805dda20d922262f989f909d71f11c3a6baa7e
SHA256

b8a59b313b6139e4f76fa38e89e110c2a48232793e6fd7fca13cc7a7b14931ed
SHA512

4a7d50b4619639a42863e3f17d72dc4b2cfb8b37020439fea67bd3a7a3333aa393d7c559422f1ded13eb8ee9a2a8793cc7076c4b88798afc75e16e56df312479
SSDEEP

1536:lNTBpLvCwbpfnSD1uBARA5yOV6zjPbw8L1o11D7C1t:nTnawlvSDund6zDc8L2st

Score

8^/10

discovery evasion

Malware Config

Targets

- Target
  
  d56612f0bd5ecaacdcf880705632f542_JaffaCakes118
- Size
  
  68KB
- MD5
  
  d56612f0bd5ecaacdcf880705632f542
- SHA1
  
  d5805dda20d922262f989f909d71f11c3a6baa7e
- SHA256
  
  b8a59b313b6139e4f76fa38e89e110c2a48232793e6fd7fca13cc7a7b14931ed
- SHA512
  
  4a7d50b4619639a42863e3f17d72dc4b2cfb8b37020439fea67bd3a7a3333aa393d7c559422f1ded13eb8ee9a2a8793cc7076c4b88798afc75e16e56df312479
- SSDEEP
  
  1536:lNTBpLvCwbpfnSD1uBARA5yOV6zjPbw8L1o11D7C1t:nTnawlvSDund6zDc8L2st
Score

8^/10

discovery evasion
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion