89f257a2dfba048462cebd4a907893ffcdd4e5be28e6781005d09c168786c0c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f9cfb67ebd2341c2c957a5b87af1889_JaffaCakes118
Size

620KB
Sample

240713-blcefsygql
MD5

3f9cfb67ebd2341c2c957a5b87af1889
SHA1

d7557ba41709cd6ae80ef36c8014ffc9a3648057
SHA256

89f257a2dfba048462cebd4a907893ffcdd4e5be28e6781005d09c168786c0c2
SHA512

f45d45e2fe094047ef2fee03543ae57bdc59fd7303e4a9fcf86e800de9671c05e71ac2f2e1c4bd2f0b272fbe9fee2485b76f53df0ebb2d1956541cf7c6031e2a
SSDEEP

3072:eoQuPlkT0/G1bMqPVPQ3PTB8r0Sqz2Nq2QUa3G:RJeTF1Yy1GTWOQqfG

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  3f9cfb67ebd2341c2c957a5b87af1889_JaffaCakes118
- Size
  
  620KB
- MD5
  
  3f9cfb67ebd2341c2c957a5b87af1889
- SHA1
  
  d7557ba41709cd6ae80ef36c8014ffc9a3648057
- SHA256
  
  89f257a2dfba048462cebd4a907893ffcdd4e5be28e6781005d09c168786c0c2
- SHA512
  
  f45d45e2fe094047ef2fee03543ae57bdc59fd7303e4a9fcf86e800de9671c05e71ac2f2e1c4bd2f0b272fbe9fee2485b76f53df0ebb2d1956541cf7c6031e2a
- SSDEEP
  
  3072:eoQuPlkT0/G1bMqPVPQ3PTB8r0Sqz2Nq2QUa3G:RJeTF1Yy1GTWOQqfG
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2