d125cf1c3a0abc5c9cbbb769c587d9a37de426d283b92f7c6e7c21b48b43d1f3 | Triage

Sharing

General

Target

ee273634f68fe38f1a0ca513a51fcfe6_JaffaCakes118
Size

340KB
Sample

240920-wr42wazglj
MD5

ee273634f68fe38f1a0ca513a51fcfe6
SHA1

c621a8c34aa3e84e9ceba58b7693f62e2201c776
SHA256

d125cf1c3a0abc5c9cbbb769c587d9a37de426d283b92f7c6e7c21b48b43d1f3
SHA512

94c679629149b9cd976363fe7516aa7af3e0562a4c537b5a88308342796ed400067799c9212ecd86bed211c30ec7613204813ee9c052e3862d837d9c9af828c3
SSDEEP

6144:NFLgTto5SAQes56x9iBHLEBRpB1YeOAC+W8rcb9kf:NuTt0aTIKHQfYeOt8f

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  ee273634f68fe38f1a0ca513a51fcfe6_JaffaCakes118
- Size
  
  340KB
- MD5
  
  ee273634f68fe38f1a0ca513a51fcfe6
- SHA1
  
  c621a8c34aa3e84e9ceba58b7693f62e2201c776
- SHA256
  
  d125cf1c3a0abc5c9cbbb769c587d9a37de426d283b92f7c6e7c21b48b43d1f3
- SHA512
  
  94c679629149b9cd976363fe7516aa7af3e0562a4c537b5a88308342796ed400067799c9212ecd86bed211c30ec7613204813ee9c052e3862d837d9c9af828c3
- SSDEEP
  
  6144:NFLgTto5SAQes56x9iBHLEBRpB1YeOAC+W8rcb9kf:NuTt0aTIKHQfYeOt8f
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2