47b093f5c08c63716909e749104862e520692127b88df5e56f9674d400e0020f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d88fa3ed51abca27315e99cd38119f1_JaffaCakes118
Size

90KB
Sample

240716-kcdqlawdqf
MD5

4d88fa3ed51abca27315e99cd38119f1
SHA1

27039a7651a65025202578d315dd50daa170a4ac
SHA256

47b093f5c08c63716909e749104862e520692127b88df5e56f9674d400e0020f
SHA512

6d9eb6d12c8b157a5de160e80abb06b635eb0d6812f2747c84f9982167786b80bdce5e9ce85d96f5d78f64c7297e7c97dcc7d28b9b8253d5ad5abc595156f538
SSDEEP

1536:mSF1TghnhDfudojXMZeXR7k35e1oqkZ/tmiijP0e21cJdQIkhVRI5fy9p:ChjuObMEXRk3Q1oL4rcSJkhVRI5a

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  4d88fa3ed51abca27315e99cd38119f1_JaffaCakes118
- Size
  
  90KB
- MD5
  
  4d88fa3ed51abca27315e99cd38119f1
- SHA1
  
  27039a7651a65025202578d315dd50daa170a4ac
- SHA256
  
  47b093f5c08c63716909e749104862e520692127b88df5e56f9674d400e0020f
- SHA512
  
  6d9eb6d12c8b157a5de160e80abb06b635eb0d6812f2747c84f9982167786b80bdce5e9ce85d96f5d78f64c7297e7c97dcc7d28b9b8253d5ad5abc595156f538
- SSDEEP
  
  1536:mSF1TghnhDfudojXMZeXR7k35e1oqkZ/tmiijP0e21cJdQIkhVRI5fy9p:ChjuObMEXRk3Q1oL4rcSJkhVRI5a
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2