f1e2823b1e124dc72f79e11bd1372105278168d3b2a52c6a2357d8166d28f62d | Triage

Sharing

General

Target

e17321d4743a3276f1c3174334a045b6_JaffaCakes118
Size

448KB
Sample

240915-b2cedsyfpj
MD5

e17321d4743a3276f1c3174334a045b6
SHA1

8fce6a5c298894a7e15af000bd5da693a26c655c
SHA256

f1e2823b1e124dc72f79e11bd1372105278168d3b2a52c6a2357d8166d28f62d
SHA512

298c758eefe45c9d8150cded7a0f3e1e73d05c375422ac553050a3dbd522aa09832648bb757b6b81559a70b0c2a2ae8310f9cc9b7e8e9e16c5083b5011f889ce
SSDEEP

12288:gnrOs1mbcqFU0qq8mAuFiO5eqQy39Yiv:YrWnnAuFiO5r9Yi

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  e17321d4743a3276f1c3174334a045b6_JaffaCakes118
- Size
  
  448KB
- MD5
  
  e17321d4743a3276f1c3174334a045b6
- SHA1
  
  8fce6a5c298894a7e15af000bd5da693a26c655c
- SHA256
  
  f1e2823b1e124dc72f79e11bd1372105278168d3b2a52c6a2357d8166d28f62d
- SHA512
  
  298c758eefe45c9d8150cded7a0f3e1e73d05c375422ac553050a3dbd522aa09832648bb757b6b81559a70b0c2a2ae8310f9cc9b7e8e9e16c5083b5011f889ce
- SSDEEP
  
  12288:gnrOs1mbcqFU0qq8mAuFiO5eqQy39Yiv:YrWnnAuFiO5r9Yi
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2