runningrat | cc0b4b847d2837c3c0bdc537ad82e800cdcc63d0512382aa0e0d8e302ae742d1 | Triage

Sharing

General

Target

d9f83616713f4fce53c0b5abf45d652a_JaffaCakes118
Size

96KB
Sample

240911-khhlqsscke
MD5

d9f83616713f4fce53c0b5abf45d652a
SHA1

0908dc2c2e6a4272360a09e0173b802152373714
SHA256

cc0b4b847d2837c3c0bdc537ad82e800cdcc63d0512382aa0e0d8e302ae742d1
SHA512

3de91c6dd3b0034cf75a65142ebf9667281018f725d3b390c60b8af45e8517ceb3e8bcbc40223a3735293306e1eeb2c5f5b18d9b08b034fe68f5e99ac3116054
SSDEEP

1536:Jgtv4HxETPkgcky/Vht7ILmkAP3S3pzJuhyicgcqd33+9fX+:uv4HWT3yCf7ZfucU3sf+

Score

10^/10

runningrat discovery persistence

Malware Config

Targets

- Target
  
  d9f83616713f4fce53c0b5abf45d652a_JaffaCakes118
- Size
  
  96KB
- MD5
  
  d9f83616713f4fce53c0b5abf45d652a
- SHA1
  
  0908dc2c2e6a4272360a09e0173b802152373714
- SHA256
  
  cc0b4b847d2837c3c0bdc537ad82e800cdcc63d0512382aa0e0d8e302ae742d1
- SHA512
  
  3de91c6dd3b0034cf75a65142ebf9667281018f725d3b390c60b8af45e8517ceb3e8bcbc40223a3735293306e1eeb2c5f5b18d9b08b034fe68f5e99ac3116054
- SSDEEP
  
  1536:Jgtv4HxETPkgcky/Vht7ILmkAP3S3pzJuhyicgcqd33+9fX+:uv4HWT3yCf7ZfucU3sf+
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence