a4c22404f0aaf35832ff67b13a45b42e023c8aa02d0d240a9dca0d6464a7a35d | Triage

Sharing

General

Target

eab1181d644b1fc91512497219929233_JaffaCakes118
Size

80KB
Sample

240919-gd82catcka
MD5

eab1181d644b1fc91512497219929233
SHA1

9815b16409886c2faaa833728a1b7a5a9605e8e3
SHA256

a4c22404f0aaf35832ff67b13a45b42e023c8aa02d0d240a9dca0d6464a7a35d
SHA512

659354852d0acfd4d2f97179be5ab2523b1d1bd179cbbd1c8a8c70e5cd57269847b99683b2726470ac0484e55ba5c099db56c464bac9de0d76676cc8fa827e60
SSDEEP

1536:9uC1dl50pS1HQg1YBWo04NUqkojFWHw5pe9Riz5MLXIbyO:9dL1H2jgkpemz5m4bT

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  eab1181d644b1fc91512497219929233_JaffaCakes118
- Size
  
  80KB
- MD5
  
  eab1181d644b1fc91512497219929233
- SHA1
  
  9815b16409886c2faaa833728a1b7a5a9605e8e3
- SHA256
  
  a4c22404f0aaf35832ff67b13a45b42e023c8aa02d0d240a9dca0d6464a7a35d
- SHA512
  
  659354852d0acfd4d2f97179be5ab2523b1d1bd179cbbd1c8a8c70e5cd57269847b99683b2726470ac0484e55ba5c099db56c464bac9de0d76676cc8fa827e60
- SSDEEP
  
  1536:9uC1dl50pS1HQg1YBWo04NUqkojFWHw5pe9Riz5MLXIbyO:9dL1H2jgkpemz5m4bT
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence