e15061650b59af9e7d3974844dc6baf3f8bca2e66d3bc15f8085d8d9c3d60ee2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17d465a825e6de308e825442c18f00fb_JaffaCakes118
Size

18.5MB
Sample

241006-m73djsveqf
MD5

17d465a825e6de308e825442c18f00fb
SHA1

8f06aff6dace68d9ced136b5b12401937dca3c97
SHA256

e15061650b59af9e7d3974844dc6baf3f8bca2e66d3bc15f8085d8d9c3d60ee2
SHA512

e358cc5817265383425a9890e4cc887cceb9e3dea727945d916d5c937efd14afacd9f980233e499a26caadabf6534c9f821d9dbddcf7e24898780846e8848d13
SSDEEP

393216:ZkZWuJ0EPdtU8+1RJTzJwo7ANcp6FcNVCylfN+5X17Dtu:WEuaadtU8Ynx37ANcYcm17hu

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  VanDyke.SecureCRT.v6.20/3ddown.com_scrt62-x86_setup.exe
- Size
  
  38.1MB
- MD5
  
  5cd2b2a88275fb3bbd50c5742ae088da
- SHA1
  
  d837e93d748d2ed6040efa8354b67d80098dca64
- SHA256
  
  26d3e0584a2ac81413c386f89924bedf8f5ae43ba1a2952633a446e45c57d831
- SHA512
  
  0f6a19f966338e0392e8f742f8b968574ac4bc1cc754d80ddc4dc29a1277deafceb2d070c9cc522d56e9be2dbdb6791953bf49a47008aabb66d7c47d36a40469
- SSDEEP
  
  393216:oxNZUuICneryRIcMyRIcb3gEOmMzt/yXtwmMxFB5cni0o/GUac9Fh9DDhYqJTtAP:8ZnqpEO7//jxlcni0Bdcp7DTtspd
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence