c00848d5575b77ace97e414f997525ca949470bff8d3f1356dcbdd2e5ad2e167 | Triage

Sharing

General

Target

fc309cb2f4060f1e5ff0ddeb95fef64d_JaffaCakes118
Size

1.4MB
Sample

240928-nejleashkr
MD5

fc309cb2f4060f1e5ff0ddeb95fef64d
SHA1

da4e567befd0140261ed55ccaeb22663f6cfb9df
SHA256

c00848d5575b77ace97e414f997525ca949470bff8d3f1356dcbdd2e5ad2e167
SHA512

0b6d5834dc37e8b1b9b323bc4ac9ee2b9835f7878f4fe840ebd346e99557a1337ecbbc8d3355f9582a24eed7e49b28bb22bf19fb34b8bc2568b899ff3965e203
SSDEEP

24576:Uuhax+erQZb+md4wmWOF+erQZb+md4wmWOeOM:bZerQZbd2cerQZbd2A

Score

10^/10

defense_evasion discovery evasion execution persistence

Malware Config

Targets

- Target
  
  fc309cb2f4060f1e5ff0ddeb95fef64d_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  fc309cb2f4060f1e5ff0ddeb95fef64d
- SHA1
  
  da4e567befd0140261ed55ccaeb22663f6cfb9df
- SHA256
  
  c00848d5575b77ace97e414f997525ca949470bff8d3f1356dcbdd2e5ad2e167
- SHA512
  
  0b6d5834dc37e8b1b9b323bc4ac9ee2b9835f7878f4fe840ebd346e99557a1337ecbbc8d3355f9582a24eed7e49b28bb22bf19fb34b8bc2568b899ff3965e203
- SSDEEP
  
  24576:Uuhax+erQZb+md4wmWOF+erQZb+md4wmWOeOM:bZerQZbd2cerQZbd2A
Score

10^/10

defense_evasion discovery evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Network Share Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionpersistence

behavioral2

defense_evasiondiscoveryevasionexecutionpersistence