b7662c8871d83194a76c66552f568c91be7c71dd173e14c92c8495b0474f8087 | Triage

Sharing

General

Target

2f5d65d98c4411e8e34600a5711dfba7_JaffaCakes118
Size

357KB
Sample

240709-hmw9kstdna
MD5

2f5d65d98c4411e8e34600a5711dfba7
SHA1

e6184ed8f3bedc5df34c28b76f6adf937d01e1e2
SHA256

b7662c8871d83194a76c66552f568c91be7c71dd173e14c92c8495b0474f8087
SHA512

25a567d8434a3ca2be6615dd8de46467b1d848fdb696cb65a44180d4187173c0665c17087d9e18f028081d06ab03cb8ebf06b7ddc63edc7ee18d21d4fe18e58e
SSDEEP

6144:ammm9nFK7Ax+LYBrtSRbIqz+WSrLGj+wvjG+qhloMHDjFNreCToy:aGMAxQ1bH8azq0SFNr9R

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  2f5d65d98c4411e8e34600a5711dfba7_JaffaCakes118
- Size
  
  357KB
- MD5
  
  2f5d65d98c4411e8e34600a5711dfba7
- SHA1
  
  e6184ed8f3bedc5df34c28b76f6adf937d01e1e2
- SHA256
  
  b7662c8871d83194a76c66552f568c91be7c71dd173e14c92c8495b0474f8087
- SHA512
  
  25a567d8434a3ca2be6615dd8de46467b1d848fdb696cb65a44180d4187173c0665c17087d9e18f028081d06ab03cb8ebf06b7ddc63edc7ee18d21d4fe18e58e
- SSDEEP
  
  6144:ammm9nFK7Ax+LYBrtSRbIqz+WSrLGj+wvjG+qhloMHDjFNreCToy:aGMAxQ1bH8azq0SFNr9R
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2