dc32bc832481e71f2d39ca20956a62134cd04bfbf31f6964dbbfcdfc63c3d3ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15c7e426064f81f9d23fd08ab12f94a0_JaffaCakes118
Size

27KB
Sample

241005-csgs7atgrf
MD5

15c7e426064f81f9d23fd08ab12f94a0
SHA1

399a63abfda93691dff36028d3bad2d64801a6b4
SHA256

dc32bc832481e71f2d39ca20956a62134cd04bfbf31f6964dbbfcdfc63c3d3ef
SHA512

6a1d71dc8d56d72b8c5f6db3523acf96cd2a85bb2835a6150bac55b47eb8380e612f49fdd6ab134b2b4f73e6a45203a0d8fa06da848cf77d730c66fccf8baa53
SSDEEP

384:ycdOhVf9J9NST78m3B+SCRjufwB8/HjFTjSAD:ycErbun81SCVuJ/DD

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  15c7e426064f81f9d23fd08ab12f94a0_JaffaCakes118
- Size
  
  27KB
- MD5
  
  15c7e426064f81f9d23fd08ab12f94a0
- SHA1
  
  399a63abfda93691dff36028d3bad2d64801a6b4
- SHA256
  
  dc32bc832481e71f2d39ca20956a62134cd04bfbf31f6964dbbfcdfc63c3d3ef
- SHA512
  
  6a1d71dc8d56d72b8c5f6db3523acf96cd2a85bb2835a6150bac55b47eb8380e612f49fdd6ab134b2b4f73e6a45203a0d8fa06da848cf77d730c66fccf8baa53
- SSDEEP
  
  384:ycdOhVf9J9NST78m3B+SCRjufwB8/HjFTjSAD:ycErbun81SCVuJ/DD
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2