2ba5fc77eddeac8147778e7aa5b7a092b556107ce9ae661d05ac4baeef104f34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

170daf850e7b679cb38c69df53301e40_JaffaCakes118
Size

27KB
Sample

241005-k3ck8a1dje
MD5

170daf850e7b679cb38c69df53301e40
SHA1

953898b1bfef2f6441cf5d5e430d6a9a3e9dd273
SHA256

2ba5fc77eddeac8147778e7aa5b7a092b556107ce9ae661d05ac4baeef104f34
SHA512

5762d13c41327f15dd83761b2f91ca6f3fb7768bbdd8927f44d2ae1972e06f1c2bef2e187594b02ceab5dcb34ecec8c7fb39c6800031e5dd4c204887bbca395b
SSDEEP

384:TRUnamio6zYgRyK3nfbdR+bm1OkNLBN2WUyddBQJIi4uAGzqPyk4TqHR:T2iHYgRyK3Dd7AqLbrtdBQJTvAK4R

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  170daf850e7b679cb38c69df53301e40_JaffaCakes118
- Size
  
  27KB
- MD5
  
  170daf850e7b679cb38c69df53301e40
- SHA1
  
  953898b1bfef2f6441cf5d5e430d6a9a3e9dd273
- SHA256
  
  2ba5fc77eddeac8147778e7aa5b7a092b556107ce9ae661d05ac4baeef104f34
- SHA512
  
  5762d13c41327f15dd83761b2f91ca6f3fb7768bbdd8927f44d2ae1972e06f1c2bef2e187594b02ceab5dcb34ecec8c7fb39c6800031e5dd4c204887bbca395b
- SSDEEP
  
  384:TRUnamio6zYgRyK3nfbdR+bm1OkNLBN2WUyddBQJIi4uAGzqPyk4TqHR:T2iHYgRyK3Dd7AqLbrtdBQJTvAK4R
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence