270a0c5f28be49ecaf3a809f0e206afb44446f8686a33324f9adba5ea8f5f607 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c63e072bf3ee167126474f083802078e_JaffaCakes118
Size

89KB
Sample

241205-gqr9csxpap
MD5

c63e072bf3ee167126474f083802078e
SHA1

ddb6694f6edf284002c86504e98a8c84f1a6bc21
SHA256

270a0c5f28be49ecaf3a809f0e206afb44446f8686a33324f9adba5ea8f5f607
SHA512

9d59012ccbf3d20fec5ba9072dbe4962182d21d3a38d40e19606fb7fab0f3ffa84d9ad46324fb6d3a6b99f0cac0481dd511dfc6e04cdc36af71f575df9aa6b65
SSDEEP

1536:Fqq5M0UQD8ZME5RPDN19Wc7natUUGVIuc8yrSS8foIiXVJc5cQ0sikAEVESb9:ppUu8pzD/Ec7nUiVIuc8yrSS8QIiXU5F

Score

10^/10

defense_evasion discovery evasion execution lateral_movement

Malware Config

Targets

- Target
  
  c63e072bf3ee167126474f083802078e_JaffaCakes118
- Size
  
  89KB
- MD5
  
  c63e072bf3ee167126474f083802078e
- SHA1
  
  ddb6694f6edf284002c86504e98a8c84f1a6bc21
- SHA256
  
  270a0c5f28be49ecaf3a809f0e206afb44446f8686a33324f9adba5ea8f5f607
- SHA512
  
  9d59012ccbf3d20fec5ba9072dbe4962182d21d3a38d40e19606fb7fab0f3ffa84d9ad46324fb6d3a6b99f0cac0481dd511dfc6e04cdc36af71f575df9aa6b65
- SSDEEP
  
  1536:Fqq5M0UQD8ZME5RPDN19Wc7natUUGVIuc8yrSS8foIiXVJc5cQ0sikAEVESb9:ppUu8pzD/Ec7nUiVIuc8yrSS8QIiXU5F
Score

10^/10

defense_evasion discovery evasion execution lateral_movement
- Disables service(s)
  evasion execution
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Remote Service Session Hijacking: RDP Hijacking
  Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.
  lateral_movement
- Indicator Removal: Network Share Connection Removal
  Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
  defense_evasion
- Stops running service(s)
  evasion execution
- Hide Artifacts: Hidden Users
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Users

Impair Defenses

Indicator Removal

Network Share Connection Removal

Credential Access

Discovery

Permission Groups Discovery

Local Groups

System Location Discovery

System Language Discovery

Lateral Movement

Remote Service Session Hijacking

RDP Hijacking

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionlateral_movement

behavioral2

defense_evasiondiscoveryevasionexecutionlateral_movement