e926a1e4b80a08aac5df18b80900ea5ef213be1e4660c1332a3372c2cdfecd60 | Triage

Sharing

General

Target

43aadd71c332c1c4e18e166a764207f9_JaffaCakes118
Size

31KB
Sample

241014-xfs1xavamp
MD5

43aadd71c332c1c4e18e166a764207f9
SHA1

160f56a22f8644962d449fda9008d32138b6e623
SHA256

e926a1e4b80a08aac5df18b80900ea5ef213be1e4660c1332a3372c2cdfecd60
SHA512

53aa37dc4ad170ae7f5437af4b092faacfc3bbc4bea571f8a63c238132dd583c4cceae96fc6ed210f396d830646fbc4708d0b265613ac26f80248d939937b835
SSDEEP

768:TMmEcA0Trm/sAikKo2f9lznI7JRco6GS8BLl:TMRc/Tra9yDyBNS8BR

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  43aadd71c332c1c4e18e166a764207f9_JaffaCakes118
- Size
  
  31KB
- MD5
  
  43aadd71c332c1c4e18e166a764207f9
- SHA1
  
  160f56a22f8644962d449fda9008d32138b6e623
- SHA256
  
  e926a1e4b80a08aac5df18b80900ea5ef213be1e4660c1332a3372c2cdfecd60
- SHA512
  
  53aa37dc4ad170ae7f5437af4b092faacfc3bbc4bea571f8a63c238132dd583c4cceae96fc6ed210f396d830646fbc4708d0b265613ac26f80248d939937b835
- SSDEEP
  
  768:TMmEcA0Trm/sAikKo2f9lznI7JRco6GS8BLl:TMRc/Tra9yDyBNS8BR
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence