21b1f65784f3c08caf471c7798cff0eb6f2c54320e2ac90c00e291e4097c8266 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f92a2cfd8b35721941b730467b70877_JaffaCakes118
Size

178KB
Sample

241009-mmzrxsvdje
MD5

2f92a2cfd8b35721941b730467b70877
SHA1

3d0edf3740a8ac3b83bacb3c7055f267aa1a9da1
SHA256

21b1f65784f3c08caf471c7798cff0eb6f2c54320e2ac90c00e291e4097c8266
SHA512

7245971cfb8e1ff8a50eb5f85ea53f91ace44629ce6bae2bc61fcd1e9f94a410544c7dc2ec286f9fe9a18c89aed862188cd47b2548c49e4c802031865b9f8aa0
SSDEEP

3072:2rWbVBe3eV3tKjmYEpf2OcD+kBsqSSaevx7QpNAqtO7SabMnbXfYtymtT0NjHAhZ:2WbVBxHKKYEEfRaeKN7bWo52J

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  rechnoy_vokzal_krasnoyarsk_raspisanie_teplohodov_2013.exe
- Size
  
  294KB
- MD5
  
  683867f6d42d4fa771fe26c06e3575f3
- SHA1
  
  699cec8cca3b9b3636cb00110229bc3e1299451f
- SHA256
  
  da0b0e6770245827e1af3c9049bafa0acb46ce8735b9a20f89e30145e56d89e5
- SHA512
  
  3e48bce4d0ed80e5103ca30dae6f4119dd1e8d833f5a2055054670848132d1c7324800ef84809d529860e56a26c372d9139e22e4dd419e6b2b309eed46ead5eb
- SSDEEP
  
  3072:R39sOv99jx2G8/GLHPu1MK6JKx7N1VZmJ0yqZY5E7dISKCSipBlS2jbxWGqJs:RtUGH7rJKlN1VJ7dd131SbGqJ
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation