4c010bab2d3c48afb749b48bc8d0c5c626f8ae673a5b8839af4315187e3b8683 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df14ce9aabd7f014ce66b6a4ab7c4546_JaffaCakes118
Size

286KB
Sample

240913-3a1fpavbnn
MD5

df14ce9aabd7f014ce66b6a4ab7c4546
SHA1

76d6b15a9f7cb3ce160a338a89e2dc5af95e1023
SHA256

4c010bab2d3c48afb749b48bc8d0c5c626f8ae673a5b8839af4315187e3b8683
SHA512

5affe764c3eb8fc093e589c4095e900841de803711eff935d656c3292396d732533a20aebbfa9f455e303223e7b79bd609d68e8eb8c293421948ac4f8ec4b836
SSDEEP

6144:4UbgLyP0MSt84YhYdx6zgvZUNDdGg41llQrzG3UZil8:n10Zt8E5v4DUg4llJE8

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  df14ce9aabd7f014ce66b6a4ab7c4546_JaffaCakes118
- Size
  
  286KB
- MD5
  
  df14ce9aabd7f014ce66b6a4ab7c4546
- SHA1
  
  76d6b15a9f7cb3ce160a338a89e2dc5af95e1023
- SHA256
  
  4c010bab2d3c48afb749b48bc8d0c5c626f8ae673a5b8839af4315187e3b8683
- SHA512
  
  5affe764c3eb8fc093e589c4095e900841de803711eff935d656c3292396d732533a20aebbfa9f455e303223e7b79bd609d68e8eb8c293421948ac4f8ec4b836
- SSDEEP
  
  6144:4UbgLyP0MSt84YhYdx6zgvZUNDdGg41llQrzG3UZil8:n10Zt8E5v4DUg4llJE8
Score

8^/10

discovery evasion persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2