1c8ac9c57b64711376919b6c1150ac49d046d19d64bcd20d2e403c52ae209bd6 | Triage

Sharing

General

Target

eb8ef81aa90adb59843cb2f1ae29f6a9_JaffaCakes118
Size

268KB
Sample

240410-vjshfaee32
MD5

eb8ef81aa90adb59843cb2f1ae29f6a9
SHA1

604346cee0a583ac4a05f13c77af6a9b54bfca9e
SHA256

1c8ac9c57b64711376919b6c1150ac49d046d19d64bcd20d2e403c52ae209bd6
SHA512

78c67d3d3b219a88370def3c3c0468bfc3cde4a9df3b29e196d0b0930576a7dc49d42657d6da4f06168d03871ab41c899e87594d5939a8cb0f474db64a5e2b9c
SSDEEP

6144:j1ypgwVGt1e6Ezufw6K6hQtgLB1XHE9g+koz+ZcIf:htAVufw63hQtyB1XE9Oozd

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  eb8ef81aa90adb59843cb2f1ae29f6a9_JaffaCakes118
- Size
  
  268KB
- MD5
  
  eb8ef81aa90adb59843cb2f1ae29f6a9
- SHA1
  
  604346cee0a583ac4a05f13c77af6a9b54bfca9e
- SHA256
  
  1c8ac9c57b64711376919b6c1150ac49d046d19d64bcd20d2e403c52ae209bd6
- SHA512
  
  78c67d3d3b219a88370def3c3c0468bfc3cde4a9df3b29e196d0b0930576a7dc49d42657d6da4f06168d03871ab41c899e87594d5939a8cb0f474db64a5e2b9c
- SSDEEP
  
  6144:j1ypgwVGt1e6Ezufw6K6hQtgLB1XHE9g+koz+ZcIf:htAVufw63hQtyB1XE9Oozd
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2