1d3ca7cef8f67269ee8135611feee59cf9a0f7bd68f8f8cc48bee575a5e8e559 | Triage

Sharing

General

Target

edfe086afcda48f929ea9de33a9e9b77_JaffaCakes118
Size

596KB
Sample

240920-t13t3awcrd
MD5

edfe086afcda48f929ea9de33a9e9b77
SHA1

cbdb2e87fa92a234cf77179905bfb8dac277b3ad
SHA256

1d3ca7cef8f67269ee8135611feee59cf9a0f7bd68f8f8cc48bee575a5e8e559
SHA512

3c20cba7cdb15cfd6c8d23bc46e38c40e840f48000dc5dc3043071b499a8bc4c23f24689e86f364743ec371490f76bca88df4d3227fae23f6b68c4f5cd0ca4f2
SSDEEP

6144:Bm6awUV7Ga13kw2HFXqfT4uYWUQbJQQazR5jM4tc:BCwUV7GskWf5V79QQER5j

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  edfe086afcda48f929ea9de33a9e9b77_JaffaCakes118
- Size
  
  596KB
- MD5
  
  edfe086afcda48f929ea9de33a9e9b77
- SHA1
  
  cbdb2e87fa92a234cf77179905bfb8dac277b3ad
- SHA256
  
  1d3ca7cef8f67269ee8135611feee59cf9a0f7bd68f8f8cc48bee575a5e8e559
- SHA512
  
  3c20cba7cdb15cfd6c8d23bc46e38c40e840f48000dc5dc3043071b499a8bc4c23f24689e86f364743ec371490f76bca88df4d3227fae23f6b68c4f5cd0ca4f2
- SSDEEP
  
  6144:Bm6awUV7Ga13kw2HFXqfT4uYWUQbJQQazR5jM4tc:BCwUV7GskWf5V79QQER5j
Score

10^/10

discovery evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan