b0bebc565449beb9f3b4c23adec30e603026a04db6126a7e5e1cac1bc4f97655 | Triage

Sharing

General

Target

0e44d93012cc78cabf2d992a608bff56_JaffaCakes118
Size

357KB
Sample

240625-qwd4cswckk
MD5

0e44d93012cc78cabf2d992a608bff56
SHA1

875faa5333e3ebd334e19b5b7edd3d711f38365c
SHA256

b0bebc565449beb9f3b4c23adec30e603026a04db6126a7e5e1cac1bc4f97655
SHA512

aa4849ee4c3d6b1c84e6ea4d6ba9c7f30987c2ad3b68350e8cda5cce9b0c32e0e839df48fb6abcbd0ce43192411aba03464c27e06b7d551f75d36052133dd813
SSDEEP

6144:Bmnm9nFK7Ax+LYBrtSRbIqz+WSrLGj+wvjG+qhloMHDjFN6naDzsJK:BhMAxQ1bH8azq0SFNGaPsJK

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  0e44d93012cc78cabf2d992a608bff56_JaffaCakes118
- Size
  
  357KB
- MD5
  
  0e44d93012cc78cabf2d992a608bff56
- SHA1
  
  875faa5333e3ebd334e19b5b7edd3d711f38365c
- SHA256
  
  b0bebc565449beb9f3b4c23adec30e603026a04db6126a7e5e1cac1bc4f97655
- SHA512
  
  aa4849ee4c3d6b1c84e6ea4d6ba9c7f30987c2ad3b68350e8cda5cce9b0c32e0e839df48fb6abcbd0ce43192411aba03464c27e06b7d551f75d36052133dd813
- SSDEEP
  
  6144:Bmnm9nFK7Ax+LYBrtSRbIqz+WSrLGj+wvjG+qhloMHDjFN6naDzsJK:BhMAxQ1bH8azq0SFNGaPsJK
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2