a7395353081ee0eec72fde17588572abbe480a87fe1a0957162c646d97b7d19c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb28b497e124b2be589efb99f74a936c_JaffaCakes118
Size

2.0MB
Sample

240919-mp375avcpm
MD5

eb28b497e124b2be589efb99f74a936c
SHA1

202bfe3957c8a7571966c66806006942b95a669b
SHA256

a7395353081ee0eec72fde17588572abbe480a87fe1a0957162c646d97b7d19c
SHA512

9a8332dead2658673061790d2edd879b68479667439d88a1f8e53f5f0141ea1fdd126772ef82b6a329bfe96d4e1cdab5fe787dd5ac4c5bf3482d3eb966206ff1
SSDEEP

49152:SLxORYoEBZOjmvCG2QDxkh++W+8zn0j+3LNzpu2+ONhHjMoO72f:lFAoG2mkh++V/ku23bHwoO72f

Score

8^/10

defense_evasion discovery evasion execution persistence privilege_escalation

Malware Config

Targets

- Target
  
  Re-Loader Activator 3.0 2/[email protected]
- Size
  
  2.2MB
- MD5
  
  7a1e364c3663554670acd14c96ea4352
- SHA1
  
  9511ac0c6f27db09e66363991f12f93117a97c38
- SHA256
  
  471f4d0f6e14686313fc6c4e213cde9bd2745deff2dd806518cc4c9f3fe0ea60
- SHA512
  
  45d95d1f789a800742868608bdda8e1b7d27332146cf653a20fc3456ba62c4b4e3fcda9385be2c61ae0c74ec4ed4303be8b7f931115801bf37721e8d7d73a430
- SSDEEP
  
  49152:PQKI3h6xdl0bT+r8wCtU3VvryekimJ2nvui:PQP3hWURoVy9i1nF
Score

1^/10
behavioral1 behavioral2
- Target
  
  Re-Loader Activator 3.0 2/SetupComplete.cmd
- Size
  
  331B
- MD5
  
  21a93c0f93ee99f60adf82478fc19c65
- SHA1
  
  1c7771aa4e2873ec92db5b78af1cc5c3f544c3cc
- SHA256
  
  353413c1c76ef3fb63ee05414474a1b90537b34e0d1584bd79d159a0b0602aea
- SHA512
  
  19254d21228497ea2adc596cc597e54448d1dd6ded4990ebd153b519af196bf9c84321272c4d94c535d18bb1a655e80a856f4cedb4b3ab6e49858b744dcb0eb9
Score

8^/10

defense_evasion discovery evasion execution persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion execution
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Indicator Removal

Clear Persistence

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

behavioral3

defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalation

behavioral4

defense_evasionevasionexecutionpersistenceprivilege_escalation