bc84814710a00085527974fe60b466a4da08aa4dfc45524f509a7da7f3c2b641 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11430f6461bcc39fb923f29fc928d281_JaffaCakes118
Size

62KB
Sample

241004-bs6a4s1bkd
MD5

11430f6461bcc39fb923f29fc928d281
SHA1

15a34bc381fb9838f06b571a7fa090ae633c917c
SHA256

bc84814710a00085527974fe60b466a4da08aa4dfc45524f509a7da7f3c2b641
SHA512

ba3a05120e12769bf68c277cbb0154349cd6dd0612c6d9dbc648dd6be2d5055c5382d4fc2080a4885a59fd61ecb4ad3113b8c24fa638f444b14170c21b84a839
SSDEEP

1536:8c3fp3GVxdTARMLTtGzvSrcmszNK+AevqMxm458wU:j3lGndTRLTtGr2cmszc+AevTw458t

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  11430f6461bcc39fb923f29fc928d281_JaffaCakes118
- Size
  
  62KB
- MD5
  
  11430f6461bcc39fb923f29fc928d281
- SHA1
  
  15a34bc381fb9838f06b571a7fa090ae633c917c
- SHA256
  
  bc84814710a00085527974fe60b466a4da08aa4dfc45524f509a7da7f3c2b641
- SHA512
  
  ba3a05120e12769bf68c277cbb0154349cd6dd0612c6d9dbc648dd6be2d5055c5382d4fc2080a4885a59fd61ecb4ad3113b8c24fa638f444b14170c21b84a839
- SSDEEP
  
  1536:8c3fp3GVxdTARMLTtGzvSrcmszNK+AevqMxm458wU:j3lGndTRLTtGr2cmszc+AevTw458t
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence