afb90b6e6e86bb092a09317e5ebb5f890f7c640207fad6199b85b0742ed198ae | Triage

Sharing

General

Target

JaffaCakes118_9822be2d98840c71ba805a9f3cdc2f57
Size

583KB
Sample

250204-zphyeatlbn
MD5

9822be2d98840c71ba805a9f3cdc2f57
SHA1

6847043cc82ed89abaee9c2ee75f0224a64426ba
SHA256

afb90b6e6e86bb092a09317e5ebb5f890f7c640207fad6199b85b0742ed198ae
SHA512

1e1db33613ef6f1c6fd8f21a804b0ae789a341d7dba4f5df2da5ef9d51dce9242a0cb88ea7293de0a60a121afb80e31b1ca1ac431f3e8ac5a265f366f5178286
SSDEEP

12288:UmUO7B27iR2Rw5bOmkE+0d1q2oLU2l8mKwT5VEX/iVtbCrMU11Aabv:Umd7VR2dmkT0d4rCcs/i7CrFGC

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_9822be2d98840c71ba805a9f3cdc2f57
- Size
  
  583KB
- MD5
  
  9822be2d98840c71ba805a9f3cdc2f57
- SHA1
  
  6847043cc82ed89abaee9c2ee75f0224a64426ba
- SHA256
  
  afb90b6e6e86bb092a09317e5ebb5f890f7c640207fad6199b85b0742ed198ae
- SHA512
  
  1e1db33613ef6f1c6fd8f21a804b0ae789a341d7dba4f5df2da5ef9d51dce9242a0cb88ea7293de0a60a121afb80e31b1ca1ac431f3e8ac5a265f366f5178286
- SSDEEP
  
  12288:UmUO7B27iR2Rw5bOmkE+0d1q2oLU2l8mKwT5VEX/iVtbCrMU11Aabv:Umd7VR2dmkT0d4rCcs/i7CrFGC
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence