f316eb50db2f2109f5f9f4e6830a27eb067bf7d1afea18243e2fe56e0848b3eb | Triage

Sharing

General

Target

eea1d453034c098a90e627fad451a690_JaffaCakes118
Size

476KB
Sample

240920-3crassthkm
MD5

eea1d453034c098a90e627fad451a690
SHA1

d489bb79fa6428eb058e6c2fb5fa10c4c7285d8b
SHA256

f316eb50db2f2109f5f9f4e6830a27eb067bf7d1afea18243e2fe56e0848b3eb
SHA512

507a09761fcec73ce5d879f1fce3040a15ddda0a2edd35f3eaef0a93dcee06e9d863e3f20431b7ae95f0c2826b45e006da06cbbba847431856766db03c258280
SSDEEP

12288:avUG/D2xKM+eM41dJ6X78TuJ8bHMU4yQ1OyB8yX:aMGr2QL41bF4b1LBbX

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  eea1d453034c098a90e627fad451a690_JaffaCakes118
- Size
  
  476KB
- MD5
  
  eea1d453034c098a90e627fad451a690
- SHA1
  
  d489bb79fa6428eb058e6c2fb5fa10c4c7285d8b
- SHA256
  
  f316eb50db2f2109f5f9f4e6830a27eb067bf7d1afea18243e2fe56e0848b3eb
- SHA512
  
  507a09761fcec73ce5d879f1fce3040a15ddda0a2edd35f3eaef0a93dcee06e9d863e3f20431b7ae95f0c2826b45e006da06cbbba847431856766db03c258280
- SSDEEP
  
  12288:avUG/D2xKM+eM41dJ6X78TuJ8bHMU4yQ1OyB8yX:aMGr2QL41bF4b1LBbX
Score

10^/10

discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasionpersistencetrojan