1cd3f805bba564c28d16e4295e7be6fe6ca7f4737127dd3c77e944de798e2933 | Triage

Sharing

General

Target

edca1cffd1ff2bdfc57153a3205fee28_JaffaCakes118
Size

127KB
Sample

240920-rtspea1gnl
MD5

edca1cffd1ff2bdfc57153a3205fee28
SHA1

79563ea503b604223667265df8c7990d46c9f09a
SHA256

1cd3f805bba564c28d16e4295e7be6fe6ca7f4737127dd3c77e944de798e2933
SHA512

b418cf6c085e549765bc71448a4351300ebe94cf27b499f8f77baf0e14f4d334ea3e3670651a08151cd5ed08d851c933dbf713829dab78ba0dbaeaa839619232
SSDEEP

3072:SvBkbFPqDSJ/mGPcp/Tvq/r+JYq/78bw/JNtWG:+03qjQ+JYq/gcIG

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  edca1cffd1ff2bdfc57153a3205fee28_JaffaCakes118
- Size
  
  127KB
- MD5
  
  edca1cffd1ff2bdfc57153a3205fee28
- SHA1
  
  79563ea503b604223667265df8c7990d46c9f09a
- SHA256
  
  1cd3f805bba564c28d16e4295e7be6fe6ca7f4737127dd3c77e944de798e2933
- SHA512
  
  b418cf6c085e549765bc71448a4351300ebe94cf27b499f8f77baf0e14f4d334ea3e3670651a08151cd5ed08d851c933dbf713829dab78ba0dbaeaa839619232
- SSDEEP
  
  3072:SvBkbFPqDSJ/mGPcp/Tvq/r+JYq/78bw/JNtWG:+03qjQ+JYq/gcIG
Score

10^/10

discovery evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence