4ab3ad4b9fb70136af1dfebdd6ac1c5207e67332e0b4dc5e34ba173c7e81c84e | Triage

Sharing

General

Target

01ff5c8fb88f40f0a12a6e62382cfb83_JaffaCakes118
Size

367KB
Sample

240620-cslgdatcle
MD5

01ff5c8fb88f40f0a12a6e62382cfb83
SHA1

feb5ddf369392988cee8e84e50d44c776f97d2ae
SHA256

4ab3ad4b9fb70136af1dfebdd6ac1c5207e67332e0b4dc5e34ba173c7e81c84e
SHA512

f681ea2981ed867c4605831646355a163e18ca1b740b8cbc4534a9da923e888c0467b2fb01a753d77b84a6bd9b7ab285e5fc4a5aa23653b75fa5b445e6c1dfec
SSDEEP

6144:LkOKKnldo/IjZfK7VD56amSwYkY72Hdye7Y7MZnlrj4RiDDzLn+tHCg9LxrbHRW5:ovYFRK7V7R8HjYcnJj6+PL+jHO8NM4K1

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  01ff5c8fb88f40f0a12a6e62382cfb83_JaffaCakes118
- Size
  
  367KB
- MD5
  
  01ff5c8fb88f40f0a12a6e62382cfb83
- SHA1
  
  feb5ddf369392988cee8e84e50d44c776f97d2ae
- SHA256
  
  4ab3ad4b9fb70136af1dfebdd6ac1c5207e67332e0b4dc5e34ba173c7e81c84e
- SHA512
  
  f681ea2981ed867c4605831646355a163e18ca1b740b8cbc4534a9da923e888c0467b2fb01a753d77b84a6bd9b7ab285e5fc4a5aa23653b75fa5b445e6c1dfec
- SSDEEP
  
  6144:LkOKKnldo/IjZfK7VD56amSwYkY72Hdye7Y7MZnlrj4RiDDzLn+tHCg9LxrbHRW5:ovYFRK7V7R8HjYcnJj6+PL+jHO8NM4K1
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2