General

  • Target

    6f93266c889081b9e855cf7dee21ac46_JaffaCakes118

  • Size

    908KB

  • Sample

    240401-mjsjfaca6w

  • MD5

    6f93266c889081b9e855cf7dee21ac46

  • SHA1

    64e880c2da5643fb68b00f0d00ba5b3eb9773333

  • SHA256

    26a6855a944cf1fea1704b1895b3ecca0f6bc9ff80e02125e4e874e7396dd122

  • SHA512

    cc1d219c1296a567b56a1ac1003494087f9e98c49d3ef8ef3d4fc6e5c6945b13a69d1526d1c27eb2aa795ea44a425a6f7ea3883e1a756b01c1a774f2663e3941

  • SSDEEP

    12288:gTHLJWRQ/izhJ9vzgAYYR/Iu8We84ldBES1xvDxiqq:xRQ/IhYATwu3eVldyEbxiqq

Malware Config

Targets

    • Target

      6f93266c889081b9e855cf7dee21ac46_JaffaCakes118


    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

Technique ID, technique name, and the number of matched behaviours per tactic:

Persistence

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1548 Abuse Elevation Control Mechanism (1)

  • T1548.002 Bypass User Account Control (1)

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1548 Abuse Elevation Control Mechanism (1)

  • T1548.002 Bypass User Account Control (1)

  • T1562 Impair Defenses (1)

  • T1562.001 Disable or Modify Tools (1)

  • T1112 Modify Registry (3)

Discovery

  • T1012 Query Registry (1)

  • T1082 System Information Discovery (3)

  • T1018 Remote System Discovery (1)

Tasks