e93df5ac1145dddee047bc4347d87607d43b038fbd69b8edde0067303201a676 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa5769c6cd3056ee73bb2f7110ba0b1d_JaffaCakes118
Size

560KB
Sample

240927-nvnkastblg
MD5

fa5769c6cd3056ee73bb2f7110ba0b1d
SHA1

ffa984ed91cd84ca90d6abd362dc910218bee34a
SHA256

e93df5ac1145dddee047bc4347d87607d43b038fbd69b8edde0067303201a676
SHA512

0fd9449986782f623f7e357201943816cbc86673c6404e9309a4773daeed454cafc36a6d51a0052424a5defba856ab6baa363349b021b76c63e4927f794a16eb
SSDEEP

12288:xBpQ8wUdJQzWWCsuhUudMswCX52x8WeGRb4t:/pRZdJQzWHsuhrdMOpUfQ

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  fa5769c6cd3056ee73bb2f7110ba0b1d_JaffaCakes118
- Size
  
  560KB
- MD5
  
  fa5769c6cd3056ee73bb2f7110ba0b1d
- SHA1
  
  ffa984ed91cd84ca90d6abd362dc910218bee34a
- SHA256
  
  e93df5ac1145dddee047bc4347d87607d43b038fbd69b8edde0067303201a676
- SHA512
  
  0fd9449986782f623f7e357201943816cbc86673c6404e9309a4773daeed454cafc36a6d51a0052424a5defba856ab6baa363349b021b76c63e4927f794a16eb
- SSDEEP
  
  12288:xBpQ8wUdJQzWWCsuhUudMswCX52x8WeGRb4t:/pRZdJQzWHsuhrdMOpUfQ
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2