9679b393bd0b5bb45b7dea25f15c024395b51e106cc0990490ae116bef1c232b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5d0927449ffb498d844c170475313c5_JaffaCakes118
Size

267KB
Sample

240925-ml3gesterd
MD5

f5d0927449ffb498d844c170475313c5
SHA1

0eabfdb32981065742e07bd7cadb2debdc92ccbe
SHA256

9679b393bd0b5bb45b7dea25f15c024395b51e106cc0990490ae116bef1c232b
SHA512

ea307386549beba2dc0828cb5fe3e57ce84639057d7b66b585323c899e05eba0882cc37ee9b79dec749e99302940f530004825c98af19ef17acf1e764a0f733c
SSDEEP

6144:3hSv6pULROR05WjyoKpQPUI5+NBfbLCYoihzp7XZ7vZyj:3UOkWRfPDENB/yinJRyj

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  f5d0927449ffb498d844c170475313c5_JaffaCakes118
- Size
  
  267KB
- MD5
  
  f5d0927449ffb498d844c170475313c5
- SHA1
  
  0eabfdb32981065742e07bd7cadb2debdc92ccbe
- SHA256
  
  9679b393bd0b5bb45b7dea25f15c024395b51e106cc0990490ae116bef1c232b
- SHA512
  
  ea307386549beba2dc0828cb5fe3e57ce84639057d7b66b585323c899e05eba0882cc37ee9b79dec749e99302940f530004825c98af19ef17acf1e764a0f733c
- SSDEEP
  
  6144:3hSv6pULROR05WjyoKpQPUI5+NBfbLCYoihzp7XZ7vZyj:3UOkWRfPDENB/yinJRyj
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2