f39b5b349bdd296f4b811dd3b8e1721f5366f7b597e1b466a510a71ffd73edb9 | Triage

Sharing

General

Target

ee78fbd570f8b0ab8c23f041c783c905_JaffaCakes118
Size

448KB
Sample

240920-1h285szcnn
MD5

ee78fbd570f8b0ab8c23f041c783c905
SHA1

0576c6ce71dae98e0519d992a57873c5754b407e
SHA256

f39b5b349bdd296f4b811dd3b8e1721f5366f7b597e1b466a510a71ffd73edb9
SHA512

a4dec41852a6bff8ca171e5a254e2662dc68fb40c6a939b2adefbd23a788f1f1abcb0ee918ee4971d2c3dd1f4630efa12a5bf6ad1f8bb5c3c9727e485cd6f0ac
SSDEEP

12288:0nrOs1mbcqFU0qq8mEuFiO5eqQy39Yiv:ErWnnEuFiO5r9Yi

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  ee78fbd570f8b0ab8c23f041c783c905_JaffaCakes118
- Size
  
  448KB
- MD5
  
  ee78fbd570f8b0ab8c23f041c783c905
- SHA1
  
  0576c6ce71dae98e0519d992a57873c5754b407e
- SHA256
  
  f39b5b349bdd296f4b811dd3b8e1721f5366f7b597e1b466a510a71ffd73edb9
- SHA512
  
  a4dec41852a6bff8ca171e5a254e2662dc68fb40c6a939b2adefbd23a788f1f1abcb0ee918ee4971d2c3dd1f4630efa12a5bf6ad1f8bb5c3c9727e485cd6f0ac
- SSDEEP
  
  12288:0nrOs1mbcqFU0qq8mEuFiO5eqQy39Yiv:ErWnnEuFiO5r9Yi
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2