b6ddabdc867905ca434dca37e5d556de5d68d66ed1764bbce323481ccf6b2884 | Triage

Sharing

General

Target

fcf0baf722e699792253651709c07b65_JaffaCakes118
Size

956KB
Sample

240928-xlt56atfrd
MD5

fcf0baf722e699792253651709c07b65
SHA1

21a27cd07dae60ca2126762139d736783d60180a
SHA256

b6ddabdc867905ca434dca37e5d556de5d68d66ed1764bbce323481ccf6b2884
SHA512

592148dcad1ea52f256a4a066ab0af08d7b2ab926e629dfde2a603036345d1b8b8049bb95ff86758c260d4611e3dd4f38a5c285d85e6e0f12563df3c07e96b94
SSDEEP

24576:W7r2c8ejVkfNeK7Vf77TZwwdlsYTMFLL:WvOkqemVj7TZjXMFL

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  fcf0baf722e699792253651709c07b65_JaffaCakes118
- Size
  
  956KB
- MD5
  
  fcf0baf722e699792253651709c07b65
- SHA1
  
  21a27cd07dae60ca2126762139d736783d60180a
- SHA256
  
  b6ddabdc867905ca434dca37e5d556de5d68d66ed1764bbce323481ccf6b2884
- SHA512
  
  592148dcad1ea52f256a4a066ab0af08d7b2ab926e629dfde2a603036345d1b8b8049bb95ff86758c260d4611e3dd4f38a5c285d85e6e0f12563df3c07e96b94
- SSDEEP
  
  24576:W7r2c8ejVkfNeK7Vf77TZwwdlsYTMFLL:WvOkqemVj7TZjXMFL
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence