e573b42daae8b8ba60046b50530e9d94b5dd10c0447cd6093f3c7e5e28cd16ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5b1bc4942977769d0b129a1c2cba620_JaffaCakes118
Size

408KB
Sample

240909-fqccgashkp
MD5

d5b1bc4942977769d0b129a1c2cba620
SHA1

93ac79f5edf965144405c2e9354ecf1f42e26574
SHA256

e573b42daae8b8ba60046b50530e9d94b5dd10c0447cd6093f3c7e5e28cd16ca
SHA512

ab97acbdab4cab6818d914d0e0041b0f03db05c1b3614245e1fb5471888e8e97d0a9a1aef3943fa4c50101e880bd983369ed9ae2bd4aa6e4aa0af015868eff62
SSDEEP

12288:shmjgh6pQscHg+yeTY/xLLVfsZvTmROE:BUHg+wrfsBmZ

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  d5b1bc4942977769d0b129a1c2cba620_JaffaCakes118
- Size
  
  408KB
- MD5
  
  d5b1bc4942977769d0b129a1c2cba620
- SHA1
  
  93ac79f5edf965144405c2e9354ecf1f42e26574
- SHA256
  
  e573b42daae8b8ba60046b50530e9d94b5dd10c0447cd6093f3c7e5e28cd16ca
- SHA512
  
  ab97acbdab4cab6818d914d0e0041b0f03db05c1b3614245e1fb5471888e8e97d0a9a1aef3943fa4c50101e880bd983369ed9ae2bd4aa6e4aa0af015868eff62
- SSDEEP
  
  12288:shmjgh6pQscHg+yeTY/xLLVfsZvTmROE:BUHg+wrfsBmZ
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2