bf60372b3a1f76c928118584bbb7cd67eebfd117204c71984618ed635b9d8eac | Triage

Sharing

General

Target

fd8ebcaf646677d1c2ae6a7d1b8a8ec5_JaffaCakes118
Size

468KB
Sample

240929-b532hsxhkf
MD5

fd8ebcaf646677d1c2ae6a7d1b8a8ec5
SHA1

938844eb2d282a9bc329a7a0db4c79d410684535
SHA256

bf60372b3a1f76c928118584bbb7cd67eebfd117204c71984618ed635b9d8eac
SHA512

cd6ac5fc4eda04b8266f8e0b52af0b7e8d4857827ffcece02040c7303bc8f42f31eda7da89f1259147c2cf56c27eef6482385e7be0fbcdf8d2efab2c26f2b9a7
SSDEEP

12288:UVO3unRzs9h1VkyDXUw0vnPcPTwuxxsmSAb:j3unRsJVkyDXUwcPcPTd3F

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  fd8ebcaf646677d1c2ae6a7d1b8a8ec5_JaffaCakes118
- Size
  
  468KB
- MD5
  
  fd8ebcaf646677d1c2ae6a7d1b8a8ec5
- SHA1
  
  938844eb2d282a9bc329a7a0db4c79d410684535
- SHA256
  
  bf60372b3a1f76c928118584bbb7cd67eebfd117204c71984618ed635b9d8eac
- SHA512
  
  cd6ac5fc4eda04b8266f8e0b52af0b7e8d4857827ffcece02040c7303bc8f42f31eda7da89f1259147c2cf56c27eef6482385e7be0fbcdf8d2efab2c26f2b9a7
- SSDEEP
  
  12288:UVO3unRzs9h1VkyDXUw0vnPcPTwuxxsmSAb:j3unRsJVkyDXUwcPcPTd3F
Score

10^/10

discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2