242fd2d6c72a0a3cfe8f767465e30d94d70e2d094277ad3d6be99336af625480 | Triage

Sharing

General

Target

ee38e40d13cfee4d0fb24624c152fb48_JaffaCakes118
Size

147KB
Sample

240920-xjktpsscja
MD5

ee38e40d13cfee4d0fb24624c152fb48
SHA1

55d903926d63c0a2db44774d15b137af2b4483be
SHA256

242fd2d6c72a0a3cfe8f767465e30d94d70e2d094277ad3d6be99336af625480
SHA512

8b8d85f2335b2d3b247226583a4f7a717b65cb740c4fbe9fce093b15b23c43da1d1271943d8c48bf567cea806735f91e89928b8cd9f5abbf6d84626e83fbe8f1
SSDEEP

3072:5jFRQGCIIm1xs5GWp1icKAArDZz4N9GhbkrNEk1AgZ:dQGCIImOp0yN90QEE

Score

10^/10

discovery execution persistence

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://bitbucket.org/dazlle/logos/downloads/svchost.exe

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://bitbucket.org/dazlle/logos/downloads/TASK.ps1

Targets

- Target
  
  ee38e40d13cfee4d0fb24624c152fb48_JaffaCakes118
- Size
  
  147KB
- MD5
  
  ee38e40d13cfee4d0fb24624c152fb48
- SHA1
  
  55d903926d63c0a2db44774d15b137af2b4483be
- SHA256
  
  242fd2d6c72a0a3cfe8f767465e30d94d70e2d094277ad3d6be99336af625480
- SHA512
  
  8b8d85f2335b2d3b247226583a4f7a717b65cb740c4fbe9fce093b15b23c43da1d1271943d8c48bf567cea806735f91e89928b8cd9f5abbf6d84626e83fbe8f1
- SSDEEP
  
  3072:5jFRQGCIIm1xs5GWp1icKAArDZz4N9GhbkrNEk1AgZ:dQGCIImOp0yN90QEE
Score

10^/10

discovery execution persistence
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistence

behavioral2

discoveryexecutionpersistence