d1c483057cf0b2e2c5df36cf90fa8a24f01d939dc592a3277ac9e570bd97c3fa | Triage

Sharing

General

Target

f695aedb294f1ae9f7fc81938bf10491_JaffaCakes118
Size

456KB
Sample

240925-wvm8jazckp
MD5

f695aedb294f1ae9f7fc81938bf10491
SHA1

c4c7350bd2869a979b462f1d52007da379d1aac6
SHA256

d1c483057cf0b2e2c5df36cf90fa8a24f01d939dc592a3277ac9e570bd97c3fa
SHA512

bc7be4ceffd15a201665389d89352e753424095ac0ad55f1bd913e4f0ddc23a6d3f728d35ea938fadb26d697b3ef5034e4d9147fee004fd26cd5e45483bcfb3a
SSDEEP

12288:9Fp4JSsC4Gmbw58mnZ67OQ8zPAu/oh0xB:54vTo6KdLAugc

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  f695aedb294f1ae9f7fc81938bf10491_JaffaCakes118
- Size
  
  456KB
- MD5
  
  f695aedb294f1ae9f7fc81938bf10491
- SHA1
  
  c4c7350bd2869a979b462f1d52007da379d1aac6
- SHA256
  
  d1c483057cf0b2e2c5df36cf90fa8a24f01d939dc592a3277ac9e570bd97c3fa
- SHA512
  
  bc7be4ceffd15a201665389d89352e753424095ac0ad55f1bd913e4f0ddc23a6d3f728d35ea938fadb26d697b3ef5034e4d9147fee004fd26cd5e45483bcfb3a
- SSDEEP
  
  12288:9Fp4JSsC4Gmbw58mnZ67OQ8zPAu/oh0xB:54vTo6KdLAugc
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2