General

  • Target

    6559fd03b863e412fca9c2e9e89ba59a_JaffaCakes118

  • Size

    32KB

  • Sample

    240522-avlh2seh9t

  • MD5

    6559fd03b863e412fca9c2e9e89ba59a

  • SHA1

    7892eb3c8569b788c46666d330d406f982e4fd1b

  • SHA256

    d4305e316f514f695057e32626778d9304fb2e3d7dff73ac40b6020ad60eb7f4

  • SHA512

    23bcc0778632ab3934d72651495fc7def79dbb9165e447155823808c5f56ff7d60ad151ab0610f4a72c293b2ee16d22e7ef26cddcacf5b4d887fc70b8021ab6a

  • SSDEEP

    768:Mnxo+obLMZ8yrsR2gig+MzlllytIWsIPXTftFSnVYn:+DobLMmyg0gAdD77J

Score
10/10

Malware Config

Targets

    • Target

      St raphael juillet 2010.exe

    • Size

      41KB

    • MD5

      b788561e93731bacedc64d92650a4d6b

    • SHA1

      22566f4de9d1f789314c0e67fcdc4f2d4778308d

    • SHA256

      7518537fdfbe929c077ec21570f0243ae957714238e2e3857d8fbcc7bf81d4af

    • SHA512

      6d8d342eb1382be57a1ca838d6fa987b32a3ed1f255f94dd0a9db231c0713c15398acbed988e2a4e3550a08988e4305bdc90506ee8a93b63086e5397ae395267

    • SSDEEP

      768:FOT/0+bspijWBN+drsP1sqqzNFKI2FT8SPI5siIPFv2jPVdov35BMCS:60+2iji2stsq23KFzP8oPFOjtdm5O

    Score
    10/10
    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables cmd.exe use via registry modification

    • Drops file in Drivers directory

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of triggered signatures mapped to it; sub-techniques are listed under their parent.

Persistence

  • Boot or Logon Autostart Execution (T1547): 2
    • Registry Run Keys / Startup Folder (T1547.001): 1
    • Winlogon Helper DLL (T1547.004): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 2
    • Registry Run Keys / Startup Folder (T1547.001): 1
    • Winlogon Helper DLL (T1547.004): 1

Defense Evasion

  • Modify Registry (T1112): 5
  • Hide Artifacts (T1564): 2
    • Hidden Files and Directories (T1564.001): 2
  • Subvert Trust Controls (T1553): 1
    • Install Root Certificate (T1553.004): 1

Discovery

  • System Information Discovery (T1082): 1
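Most of the signatures in this report (Winlogon change, Explorer extension/hidden-file settings, RegEdit and cmd.exe lockout, Run key) are single registry writes, and the ATT&CK matrix above is just a count of those signatures per technique. The script below is an added example, not part of the sandbox report or of the sample: it parses a regedit-style .reg export (from `reg export` on an infected host, or a sandbox's registry-write dump) and maps each write to the signature names used on this page. The export text embedded in it is constructed for the demo; the report does not publish the values this sample actually wrote, and the dropped-file path `C:\Windows\System32\drivers\winlog.exe` is a hypothetical placeholder. The rule-to-technique mapping is the example's own (one technique per rule), so its per-technique counts differ from the report, which also counts every registry signature under T1112.

```python
import re
from dataclasses import dataclass

# Constructed .reg export for the demo. It mimics the kinds of writes the report's
# signatures describe; the values this sample really wrote are not published.
# The dropped-file path is a hypothetical placeholder, not from the report.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe, C:\\Windows\\System32\\drivers\\winlog.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"winlog"="C:\\Windows\\System32\\drivers\\winlog.exe"
"""

@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    value: object
    signature: str
    technique: str

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VAL_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<raw>.*)$')

def _unescape(s: str) -> str:
    # regedit escapes backslashes and double quotes inside string values
    return s.replace('\\"', '"').replace("\\\\", "\\")

def _parse_value(raw: str):
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    return raw  # hex:/hex(2): blobs are left raw; the rules below do not need them

def parse_reg_export(text: str) -> list[tuple[str, str, object]]:
    """Return (key, value name, value) triples; "@" names the default value."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := _KEY_RE.match(line)):
            key = m.group("key")
        elif key is not None and (m := _VAL_RE.match(line)):
            name = "@" if m.group("default") else _unescape(m.group("name"))
            entries.append((key, name, _parse_value(m.group("raw"))))
    return entries

# Rule = (lower-case key-path suffix, value name or None for any, predicate,
# signature name as used on this page, ATT&CK id). Suffix matching is
# case-insensitive so HKLM and HKCU variants both hit.
def _is(*allowed):
    return lambda v: v in allowed

RULES = [
    (r"\winlogon", "Shell", lambda v: isinstance(v, str) and v.strip().lower() != "explorer.exe",
     "Modifies WinLogon for persistence", "T1547.004"),
    (r"\explorer\advanced", "HideFileExt", _is(1),
     "Modifies visibility of file extensions in Explorer", "T1564.001"),
    (r"\explorer\advanced", "Hidden", _is(2),            # 1 = show hidden, 2 = do not show
     "Modifies visibility of hidden/system files in Explorer", "T1564.001"),
    (r"\explorer\advanced", "ShowSuperHidden", _is(0),   # 0 hides protected OS files
     "Modifies visibility of hidden/system files in Explorer", "T1564.001"),
    (r"\currentversion\policies\system", "DisableRegistryTools", _is(1, 2),
     "Disables RegEdit via registry modification", "T1112"),
    (r"\policies\microsoft\windows\system", "DisableCMD", _is(1, 2),
     "Disables cmd.exe use via registry modification", "T1112"),
    (r"\currentversion\run", None, lambda v: True,
     "Adds Run key to start application", "T1547.001"),
]

def scan_reg_export(text: str) -> list[Finding]:
    findings = []
    for key, name, value in parse_reg_export(text):
        k = key.lower()
        for suffix, want, pred, sig, tech in RULES:
            if k.endswith(suffix) and (want is None or name.lower() == want.lower()) and pred(value):
                findings.append(Finding(key, name, value, sig, tech))
    return findings

def techniques(findings: list[Finding]) -> dict[str, int]:
    """Distinct signatures per technique, the way the report's matrix counts."""
    per: dict[str, set[str]] = {}
    for f in findings:
        per.setdefault(f.technique, set()).add(f.signature)
    return {t: len(s) for t, s in sorted(per.items())}

if __name__ == "__main__":
    for f in scan_reg_export(SAMPLE_REG):
        print(f"{f.technique:10} {f.signature:55} {f.key}\\{f.name} = {f.value!r}")
    print(techniques(scan_reg_export(SAMPLE_REG)))
```

On a real export, replace `SAMPLE_REG` with the file contents (`reg export HKCU hkcu.reg /y` writes UTF-16; open it with `encoding="utf-16"`). The Winlogon rule flags any `Shell` that is not exactly `explorer.exe`, which is the usual way a dropped EXE is chained in front of or behind Explorer; the Run rule flags every value because any new entry there is worth a look during triage.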

Tasks