a57e819e901e40d98f98d1cc654c6c7fabe9569e465b2ed1734034348816a09a | Triage

Sharing

General

Target

f3edb2e5f49810617e3c19fa2ac2fe9d_JaffaCakes118
Size

588KB
Sample

240416-vly31ahb6w
MD5

f3edb2e5f49810617e3c19fa2ac2fe9d
SHA1

2c00ddf967a41858bad7b0c49461901ba0f3119b
SHA256

a57e819e901e40d98f98d1cc654c6c7fabe9569e465b2ed1734034348816a09a
SHA512

df7bb2f49dd2a17abc83f45bcb955dd4c3581dfc29799c4c7f1f8c4573f63e100eb909d0078478e80f5a022245813f37fe918a0fb69f79a9ce3524c0da9bcfd9
SSDEEP

12288:wPnXr5REk7oMh+xjL1AIV/pqmN2uSN0W4U6p4NqdoEtjzjCoz0wZmuOmv9a:gXr5aMhK1AIV/AfNl4L4NaNtjvC5ymum

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  f3edb2e5f49810617e3c19fa2ac2fe9d_JaffaCakes118
- Size
  
  588KB
- MD5
  
  f3edb2e5f49810617e3c19fa2ac2fe9d
- SHA1
  
  2c00ddf967a41858bad7b0c49461901ba0f3119b
- SHA256
  
  a57e819e901e40d98f98d1cc654c6c7fabe9569e465b2ed1734034348816a09a
- SHA512
  
  df7bb2f49dd2a17abc83f45bcb955dd4c3581dfc29799c4c7f1f8c4573f63e100eb909d0078478e80f5a022245813f37fe918a0fb69f79a9ce3524c0da9bcfd9
- SSDEEP
  
  12288:wPnXr5REk7oMh+xjL1AIV/pqmN2uSN0W4U6p4NqdoEtjzjCoz0wZmuOmv9a:gXr5aMhK1AIV/AfNl4L4NaNtjvC5ymum
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2