f65048c3b27d95cef6fcf5d8ccf5ab820494270fde0753bc9df2744361cdc25f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bdf48f65b718d86e9ded59a30f3eaa4_JaffaCakes118
Size

1.7MB
Sample

241009-gdht6avamr
MD5

2bdf48f65b718d86e9ded59a30f3eaa4
SHA1

4f9be831b939d4068f5c5993725b026f03627075
SHA256

f65048c3b27d95cef6fcf5d8ccf5ab820494270fde0753bc9df2744361cdc25f
SHA512

796b5e0d4f7b0917c68523eda5a7db03fd2f1c55e7d19c5c137e7f7062e028f0fccedb927ad8ecffdef8ca88e3129f2ba8d42bba616d8ccd6ab0ad0a8f151d44
SSDEEP

6144:GXkWpMQwzjCZl13fTS5W3tc7T1rdEjVJ3D:GXNMQ1ZDfTS5eccjVBD

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  2bdf48f65b718d86e9ded59a30f3eaa4_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  2bdf48f65b718d86e9ded59a30f3eaa4
- SHA1
  
  4f9be831b939d4068f5c5993725b026f03627075
- SHA256
  
  f65048c3b27d95cef6fcf5d8ccf5ab820494270fde0753bc9df2744361cdc25f
- SHA512
  
  796b5e0d4f7b0917c68523eda5a7db03fd2f1c55e7d19c5c137e7f7062e028f0fccedb927ad8ecffdef8ca88e3129f2ba8d42bba616d8ccd6ab0ad0a8f151d44
- SSDEEP
  
  6144:GXkWpMQwzjCZl13fTS5W3tc7T1rdEjVJ3D:GXNMQ1ZDfTS5eccjVBD
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence