31990f5a63310bbc6d16f66abb13486e1da6cf5edd3865ba5104107d92537362 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30eba49e99a37eae3e30738ca04a471b_JaffaCakes118
Size

896KB
Sample

241010-vbcr1swbpa
MD5

30eba49e99a37eae3e30738ca04a471b
SHA1

5b303c309fde67d0c400707d549952b38b3773c4
SHA256

31990f5a63310bbc6d16f66abb13486e1da6cf5edd3865ba5104107d92537362
SHA512

b0ac60c8c48a67fed9a57697c9ca647fe897bd360230e11f2aeab18d17f8ae738ffa50015bfbc616c6e76d79d19aad56cc73bc170370fea507afe624f8c63886
SSDEEP

24576:/NoeRbCsfxn3sAvS1m5uNAJ3evZ9hucSLY:/lRusKAvN59yZ+Y

Score

7^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  30eba49e99a37eae3e30738ca04a471b_JaffaCakes118
- Size
  
  896KB
- MD5
  
  30eba49e99a37eae3e30738ca04a471b
- SHA1
  
  5b303c309fde67d0c400707d549952b38b3773c4
- SHA256
  
  31990f5a63310bbc6d16f66abb13486e1da6cf5edd3865ba5104107d92537362
- SHA512
  
  b0ac60c8c48a67fed9a57697c9ca647fe897bd360230e11f2aeab18d17f8ae738ffa50015bfbc616c6e76d79d19aad56cc73bc170370fea507afe624f8c63886
- SSDEEP
  
  24576:/NoeRbCsfxn3sAvS1m5uNAJ3evZ9hucSLY:/lRusKAvN59yZ+Y
Score

7^/10

discovery evasion persistence privilege_escalation trojan
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

behavioral2