1ab74d601c93f145d7d9326c1ea65144497207f0e8daf21d47ea762fb718e074 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

c060849bfc...18.exe

windows7-x64

8

c060849bfc...18.exe

windows10-2004-x64

7

Sharing

General

Target

c060849bfc22830185a1def4b2989fd0_JaffaCakes118
Size

401KB
Sample

241204-cvsngasler
MD5

c060849bfc22830185a1def4b2989fd0
SHA1

074e7ab1a64b5d93c185e988b9c8bc9d60aadc6e
SHA256

1ab74d601c93f145d7d9326c1ea65144497207f0e8daf21d47ea762fb718e074
SHA512

83b16b590ba30ada7ffa850f339449789a3eea04e1bed0770d102adba76b01f56cb7dedff4fbd1be3c9e9ee1a9041020b10b0fcfafd5d4e51523a943f61c7550
SSDEEP

12288:5WAWFipjX/PL1HZO01LlAD2YIYsVRSHsDrK:5/WUB/5XLiKjD

Score

8^/10

discovery evasion lateral_movement persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c060849bfc22830185a1def4b2989fd0_JaffaCakes118.exe

Resource

win7-20241023-en

discovery evasion lateral_movement persistence privilege_escalation trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

c060849bfc22830185a1def4b2989fd0_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery evasion persistence privilege_escalation trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  c060849bfc22830185a1def4b2989fd0_JaffaCakes118
- Size
  
  401KB
- MD5
  
  c060849bfc22830185a1def4b2989fd0
- SHA1
  
  074e7ab1a64b5d93c185e988b9c8bc9d60aadc6e
- SHA256
  
  1ab74d601c93f145d7d9326c1ea65144497207f0e8daf21d47ea762fb718e074
- SHA512
  
  83b16b590ba30ada7ffa850f339449789a3eea04e1bed0770d102adba76b01f56cb7dedff4fbd1be3c9e9ee1a9041020b10b0fcfafd5d4e51523a943f61c7550
- SSDEEP
  
  12288:5WAWFipjX/PL1HZO01LlAD2YIYsVRSHsDrK:5/WUB/5XLiKjD
Score

8^/10

discovery evasion lateral_movement persistence privilege_escalation trojan
- Modifies RDP port number used by Windows
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

SMB/Windows Admin Shares

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionlateral_movementpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy