7af42dd9d325cfa006185cf21191d611ee65e9bdbebcda1668be196e99ca8961 | Triage

Sharing

General

Target

ed467226e85993b1e235ceb616259097_JaffaCakes118
Size

388KB
Sample

240920-k6d88ayhnm
MD5

ed467226e85993b1e235ceb616259097
SHA1

1082c832f1c367edd24e3a532281374177d865dc
SHA256

7af42dd9d325cfa006185cf21191d611ee65e9bdbebcda1668be196e99ca8961
SHA512

6a88efb05e650c410e10a59af8b991b618ec1dd345bca477c2451f230e9711db787a5384fccb31f8b0ccf705f43eef051eb6646335d0c8b9e9342805c0fc119a
SSDEEP

12288:5hkIVrdlwPao13sN336HA6yUgDTY7znv:5hZwjw3cAVUgo7znv

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  ed467226e85993b1e235ceb616259097_JaffaCakes118
- Size
  
  388KB
- MD5
  
  ed467226e85993b1e235ceb616259097
- SHA1
  
  1082c832f1c367edd24e3a532281374177d865dc
- SHA256
  
  7af42dd9d325cfa006185cf21191d611ee65e9bdbebcda1668be196e99ca8961
- SHA512
  
  6a88efb05e650c410e10a59af8b991b618ec1dd345bca477c2451f230e9711db787a5384fccb31f8b0ccf705f43eef051eb6646335d0c8b9e9342805c0fc119a
- SSDEEP
  
  12288:5hkIVrdlwPao13sN336HA6yUgDTY7znv:5hZwjw3cAVUgo7znv
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2