Overview

overview

10

Static

static

3

e25a5099c3...18.exe

windows7-x64

9

e25a5099c3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e25a5099c31b2f40353e95ba4d0c3fec_JaffaCakes118

  • Size

    793KB

  • Sample

    240915-nbt8qs1gpq

  • MD5

    e25a5099c31b2f40353e95ba4d0c3fec

  • SHA1

    44c0d53160a4791f82456c4c4a70cd1bf1194d51

  • SHA256

    c29ad03e0ec0fc3917ba169a13cace2455cf7c79aee863766255ae77c805a533

  • SHA512

    343760910ba9c89131e62e67e5e7a4045059a8fe3aff1578811273cbca093a6280525320f5ec55bff1426629c92a3543167b92005535815efa65f03859dbac2e

  • SSDEEP

    24576:z9DTK2LB+Rz13UT1++7WSM7hIiaeQ+oAgDjBUv:zhB86d7U7CeaDj+

Score
10/10
ammyyadmindefense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationrat

Malware Config

Targets

    • Target

      e25a5099c31b2f40353e95ba4d0c3fec_JaffaCakes118

    • Size

      793KB

    • MD5

      e25a5099c31b2f40353e95ba4d0c3fec

    • SHA1

      44c0d53160a4791f82456c4c4a70cd1bf1194d51

    • SHA256

      c29ad03e0ec0fc3917ba169a13cace2455cf7c79aee863766255ae77c805a533

    • SHA512

      343760910ba9c89131e62e67e5e7a4045059a8fe3aff1578811273cbca093a6280525320f5ec55bff1426629c92a3543167b92005535815efa65f03859dbac2e

    • SSDEEP

      24576:z9DTK2LB+Rz13UT1++7WSM7hIiaeQ+oAgDjBUv:zhB86d7U7CeaDj+

    Score
    10/10
    defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationammyyadminrat

    • Ammyy Admin

      Remote admin tool with various capabilities.

      ratammyyadmin

    • AmmyyAdmin payload

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Creates new service(s)

      persistenceexecution

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Password Policy Discovery

      Attempt to access detailed information about the password policy used within an enterprise network.

      discovery

    • Hide Artifacts: Hidden Users

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

2
T1569

Service Execution

2
T1569.002

Persistence

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

1
T1564

Hidden Users

1
T1564.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Password Policy Discovery

1
T1201

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks