General
-
Target
e83ce979dc55bbf9380b7d6a5bc49749_JaffaCakes118
-
Size
73KB
-
Sample
241212-zp7lrsyqgp
-
MD5
e83ce979dc55bbf9380b7d6a5bc49749
-
SHA1
4f9d3e5e4b668bfc59bc7c715ed64542e3c18e64
-
SHA256
fe207bdb0a1d13a8294f4ee0ac2e93ffed1186ab861dd135df4225cca5db7498
-
SHA512
9c94d8a824702f2ac528f4d18392f96d541c4a0136761fea0c20aa7261ecc871e69888e78b9ed8da4c8dd6e217eae09f66a10be6c9ae637cec2b3e9d84a9310c
-
SSDEEP
768:eiJ/A2/85QjMpPFtkoVDU6BOcJ/eEGEs1POLUTeNJxyuEMqPZaKpid3b/Xs7ajZL:eiJ/hcJ9GEzUyNJxfEMqPZe3TsC3B
Malware Config
Targets
-
-
Target
e83ce979dc55bbf9380b7d6a5bc49749_JaffaCakes118
-
Size
73KB
-
MD5
e83ce979dc55bbf9380b7d6a5bc49749
-
SHA1
4f9d3e5e4b668bfc59bc7c715ed64542e3c18e64
-
SHA256
fe207bdb0a1d13a8294f4ee0ac2e93ffed1186ab861dd135df4225cca5db7498
-
SHA512
9c94d8a824702f2ac528f4d18392f96d541c4a0136761fea0c20aa7261ecc871e69888e78b9ed8da4c8dd6e217eae09f66a10be6c9ae637cec2b3e9d84a9310c
-
SSDEEP
768:eiJ/A2/85QjMpPFtkoVDU6BOcJ/eEGEs1POLUTeNJxyuEMqPZaKpid3b/Xs7ajZL:eiJ/hcJ9GEzUyNJxfEMqPZe3TsC3B
Score10/10-
Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
-
Bruteratel family
-
Detect BruteRatel badger
-
UAC bypass
-
Adds policy Run key to start application
-
Disables taskbar notifications via registry modification
-
Deletes itself
-
Blocklisted process makes network request
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2