79423b8ca42548c8af737cfdd5a54dae470a8434468825c1b2fa6962138db0e5 | Triage

Sharing

General

Target

de4f744825680e16a8f41d2810e9fe5c_JaffaCakes118
Size

2.5MB
Sample

240913-py3n3a1ekj
MD5

de4f744825680e16a8f41d2810e9fe5c
SHA1

a728b3a0b0346e20dde53e43c4154f460b2f9be9
SHA256

79423b8ca42548c8af737cfdd5a54dae470a8434468825c1b2fa6962138db0e5
SHA512

6b60d2d6fd216a315a67f50078faa6b724bdd55d04d68f4a77215112759ac68f8b43ad79d4e44709cb379b237ae70418ddbea0ae0a635579397c07d881f9460b
SSDEEP

49152:eT8Web0fr7djGPWE52NuOsQWeDGVklo0GUW/udDdkkDzYDo9s9biaGcTJUKv58ko:jWuCdiPWEMYnQWBVk60W/2ZbzbsQIJU9

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  de4f744825680e16a8f41d2810e9fe5c_JaffaCakes118
- Size
  
  2.5MB
- MD5
  
  de4f744825680e16a8f41d2810e9fe5c
- SHA1
  
  a728b3a0b0346e20dde53e43c4154f460b2f9be9
- SHA256
  
  79423b8ca42548c8af737cfdd5a54dae470a8434468825c1b2fa6962138db0e5
- SHA512
  
  6b60d2d6fd216a315a67f50078faa6b724bdd55d04d68f4a77215112759ac68f8b43ad79d4e44709cb379b237ae70418ddbea0ae0a635579397c07d881f9460b
- SSDEEP
  
  49152:eT8Web0fr7djGPWE52NuOsQWeDGVklo0GUW/udDdkkDzYDo9s9biaGcTJUKv58ko:jWuCdiPWEMYnQWBVk60W/2ZbzbsQIJU9
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence