043da28162535c91a042c9d454a55d67407391fcc34df18212c515ff29d2845e | Triage

Sharing

General

Target

28b8af0febbe50a51b592e1788a8da15_JaffaCakes118
Size

47KB
Sample

241009-b969qsvfkg
MD5

28b8af0febbe50a51b592e1788a8da15
SHA1

35a252e9a0a81caa91301e12523fa77e1db4a363
SHA256

043da28162535c91a042c9d454a55d67407391fcc34df18212c515ff29d2845e
SHA512

e4635a8d34618c274d393f907161ed78da86c9e3b7be04a5970614e82fdfcdd5dca6e7e489fac22676df7a63d1d523f82ffdee37211d0ab6160d3f282612e6ce
SSDEEP

768:o2s3CY7FhhmDVGGGCYrzexi6hPZNLWcKoQj3ytdUh9q3UvMgwmBIpmAhp424CjI4:oHhhLmVSrzexi6NZNLiz3ynUOmApRDqu

Score

9^/10

credential_access defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  28b8af0febbe50a51b592e1788a8da15_JaffaCakes118
- Size
  
  47KB
- MD5
  
  28b8af0febbe50a51b592e1788a8da15
- SHA1
  
  35a252e9a0a81caa91301e12523fa77e1db4a363
- SHA256
  
  043da28162535c91a042c9d454a55d67407391fcc34df18212c515ff29d2845e
- SHA512
  
  e4635a8d34618c274d393f907161ed78da86c9e3b7be04a5970614e82fdfcdd5dca6e7e489fac22676df7a63d1d523f82ffdee37211d0ab6160d3f282612e6ce
- SSDEEP
  
  768:o2s3CY7FhhmDVGGGCYrzexi6hPZNLWcKoQj3ytdUh9q3UvMgwmBIpmAhp424CjI4:oHhhLmVSrzexi6NZNLiz3ynUOmApRDqu
Score

9^/10

credential_access defense_evasion discovery persistence
- Contacts a large (266445) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Write file to user bin folder
  persistence
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasiondiscoverypersistence