c108cbce3f0ce1014e7837dac9c2f9c295d29ce9dbc445b0d95cefe76c96926c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d69a32d65210103f2bef5d3e5bb32641_JaffaCakes118
Size

452KB
Sample

240909-syn3fsvhkn
MD5

d69a32d65210103f2bef5d3e5bb32641
SHA1

fac60af7a47655696c22e19e863bc8dd5331841a
SHA256

c108cbce3f0ce1014e7837dac9c2f9c295d29ce9dbc445b0d95cefe76c96926c
SHA512

e16aa2cff151f5bc7cdf19671dc2f2b9adb14d0801b1c5cb027ac64d80e7328edba680cf66e79baa5b0e665d8823fe8e103402dba1bceaf2f31cfc5ce32872ec
SSDEEP

12288:S5RrtZyhpw6wyI6qZgLGO1/3ujvcFcGrr:+P162gOc

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  d69a32d65210103f2bef5d3e5bb32641_JaffaCakes118
- Size
  
  452KB
- MD5
  
  d69a32d65210103f2bef5d3e5bb32641
- SHA1
  
  fac60af7a47655696c22e19e863bc8dd5331841a
- SHA256
  
  c108cbce3f0ce1014e7837dac9c2f9c295d29ce9dbc445b0d95cefe76c96926c
- SHA512
  
  e16aa2cff151f5bc7cdf19671dc2f2b9adb14d0801b1c5cb027ac64d80e7328edba680cf66e79baa5b0e665d8823fe8e103402dba1bceaf2f31cfc5ce32872ec
- SSDEEP
  
  12288:S5RrtZyhpw6wyI6qZgLGO1/3ujvcFcGrr:+P162gOc
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2