ratty | 69492de5a113e880bba74ab50608705b368201f9ee9ace9db24248ec02570601 | Triage

Sharing

General

Target

eec79fff9c86ef4a064d198cd7dff8ed_JaffaCakes118
Size

382KB
Sample

240921-bfvzlsxglf
MD5

eec79fff9c86ef4a064d198cd7dff8ed
SHA1

55086ee20e6028d2602ab0d337b0e3bc6181a750
SHA256

69492de5a113e880bba74ab50608705b368201f9ee9ace9db24248ec02570601
SHA512

3c51934a34df2257f76f3645b5d6df349b87b871ee80a56e4fe55c37314a9a06110ebdd1fca4dcfb0bc9a27b7122ea9d4aa31dde7222ced9c3ad5aac9bb040f1
SSDEEP

6144:01kCxZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+WY:06CxZNNNzbCClCA+jp02GmWhJnav5jUN

Score

10^/10

ratty persistence privilege_escalation

Malware Config

Targets

- Target
  
  eec79fff9c86ef4a064d198cd7dff8ed_JaffaCakes118
- Size
  
  382KB
- MD5
  
  eec79fff9c86ef4a064d198cd7dff8ed
- SHA1
  
  55086ee20e6028d2602ab0d337b0e3bc6181a750
- SHA256
  
  69492de5a113e880bba74ab50608705b368201f9ee9ace9db24248ec02570601
- SHA512
  
  3c51934a34df2257f76f3645b5d6df349b87b871ee80a56e4fe55c37314a9a06110ebdd1fca4dcfb0bc9a27b7122ea9d4aa31dde7222ced9c3ad5aac9bb040f1
- SSDEEP
  
  6144:01kCxZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+WY:06CxZNNNzbCClCA+jp02GmWhJnav5jUN
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation