0e397f72147a79cb6b37a4076edbcca05ec4c5cb9918b0da4ec262c0907cda34 | Triage

Sharing

General

Target

edd8c9b77f7f0d13bc07cd8450d3fe04_JaffaCakes118
Size

436KB
Sample

240920-sed35ssdlg
MD5

edd8c9b77f7f0d13bc07cd8450d3fe04
SHA1

8607c836b68902fc28c87a1a3ef5eef7f794cf13
SHA256

0e397f72147a79cb6b37a4076edbcca05ec4c5cb9918b0da4ec262c0907cda34
SHA512

2bc8cda75ff12bf69b95f7df1459f49ff00ab320714714724466ad138f1bd2569d7ec92a41e4f5fac88ce2296f678680b3f2009ca26ff8ec90ab476108d5e5aa
SSDEEP

12288:WDxzt/wYYBOvFr+lX1f0OMk1SSWUxD/bY:u4YYBOy1f04UpMD/b

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  edd8c9b77f7f0d13bc07cd8450d3fe04_JaffaCakes118
- Size
  
  436KB
- MD5
  
  edd8c9b77f7f0d13bc07cd8450d3fe04
- SHA1
  
  8607c836b68902fc28c87a1a3ef5eef7f794cf13
- SHA256
  
  0e397f72147a79cb6b37a4076edbcca05ec4c5cb9918b0da4ec262c0907cda34
- SHA512
  
  2bc8cda75ff12bf69b95f7df1459f49ff00ab320714714724466ad138f1bd2569d7ec92a41e4f5fac88ce2296f678680b3f2009ca26ff8ec90ab476108d5e5aa
- SSDEEP
  
  12288:WDxzt/wYYBOvFr+lX1f0OMk1SSWUxD/bY:u4YYBOy1f04UpMD/b
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2