Overview

overview

10

Static

static

10

95cba4805f...18.exe

windows7-x64

6

95cba4805f...18.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95cba4805f980e8c1df180b660e2abb4_JaffaCakes118

  • Size

    125KB

  • Sample

    240604-wry6mafe49

  • MD5

    95cba4805f980e8c1df180b660e2abb4

  • SHA1

    acf0dcf5981f383dd2558663e917907c058566ed

  • SHA256

    75c62fd62a7a71ab357c578ed8af5a9e8b6fbcd6706242192f6012b83758993a

  • SHA512

    33744769ca5da6fcbf7c3ade9ab75ef98118335387e2960c697efc46c00d99da2f5838b358122ad5ae617330e8acf01a0d0b07f5d1b900234521c10d6c6e1e68

  • SSDEEP

    3072:YY5Bybw0rjiUvRpjiUvR63ULQwM9EsngL+0f1Z+SyDffoF:YY6nPzPzQ/9rOfOSy

Score
10/10
crimsonratpersistence

Malware Config

Extracted

Family

crimsonrat

C2

88.150.227.71

Targets

    • Target

      95cba4805f980e8c1df180b660e2abb4_JaffaCakes118

    • Size

      125KB

    • MD5

      95cba4805f980e8c1df180b660e2abb4

    • SHA1

      acf0dcf5981f383dd2558663e917907c058566ed

    • SHA256

      75c62fd62a7a71ab357c578ed8af5a9e8b6fbcd6706242192f6012b83758993a

    • SHA512

      33744769ca5da6fcbf7c3ade9ab75ef98118335387e2960c697efc46c00d99da2f5838b358122ad5ae617330e8acf01a0d0b07f5d1b900234521c10d6c6e1e68

    • SSDEEP

      3072:YY5Bybw0rjiUvRpjiUvR63ULQwM9EsngL+0f1Z+SyDffoF:YY6nPzPzQ/9rOfOSy

    Score
    6/10
    persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks