946758beb9885aabb39a582fc273eacb5a4b02b0a9b9b5b8f903eaa576075c5b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96eb1439085f1cb2df3c93065b6f8662_JaffaCakes118
Size

148KB
Sample

240814-vmz2paybjj
MD5

96eb1439085f1cb2df3c93065b6f8662
SHA1

7813ebb4a63bfa6e7011d51933e7ccf1e1a9fad7
SHA256

946758beb9885aabb39a582fc273eacb5a4b02b0a9b9b5b8f903eaa576075c5b
SHA512

1ad26b32af8a50d212a09c84bc20abf37b6914ad971e097a83283ce7e47cf627722dc8e24ef71359d3f8ae288d1e1a0224b7ad863b59c788085ccb6c844f6e3f
SSDEEP

3072:WaKloQSrkKgRENEI5apGTwQqVMTW0hiJ9MVC4zCB:Mw

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  96eb1439085f1cb2df3c93065b6f8662_JaffaCakes118
- Size
  
  148KB
- MD5
  
  96eb1439085f1cb2df3c93065b6f8662
- SHA1
  
  7813ebb4a63bfa6e7011d51933e7ccf1e1a9fad7
- SHA256
  
  946758beb9885aabb39a582fc273eacb5a4b02b0a9b9b5b8f903eaa576075c5b
- SHA512
  
  1ad26b32af8a50d212a09c84bc20abf37b6914ad971e097a83283ce7e47cf627722dc8e24ef71359d3f8ae288d1e1a0224b7ad863b59c788085ccb6c844f6e3f
- SSDEEP
  
  3072:WaKloQSrkKgRENEI5apGTwQqVMTW0hiJ9MVC4zCB:Mw
Score

10^/10

discovery evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan