acde40ab1f800c9c616a5a9cdba72abe83f23a5032d88c61daa175917385a52c | Triage

Sharing

General

Target

f5dd565288e19c6125f15ed05a46f43f_JaffaCakes118
Size

254KB
Sample

240417-qktdxahb35
MD5

f5dd565288e19c6125f15ed05a46f43f
SHA1

cbe2bbfda79c4e71d5236e80d0cc62b19e420c46
SHA256

acde40ab1f800c9c616a5a9cdba72abe83f23a5032d88c61daa175917385a52c
SHA512

7a02ef19a209dd28b28bb2555e079fc55051566116ba0b84b22f64ede8137d4b876b9b8b0113ac9979e3dd7f07ded826a6467a79ceee7b3950dc865a166567b5
SSDEEP

6144:KXpzivISeim9jmoD/EwY6V4WndGHtlraFUuv/wbvH43pNbEMw7:EpzUISefhrb5E6FUuwb/43pKM

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f5dd565288e19c6125f15ed05a46f43f_JaffaCakes118
- Size
  
  254KB
- MD5
  
  f5dd565288e19c6125f15ed05a46f43f
- SHA1
  
  cbe2bbfda79c4e71d5236e80d0cc62b19e420c46
- SHA256
  
  acde40ab1f800c9c616a5a9cdba72abe83f23a5032d88c61daa175917385a52c
- SHA512
  
  7a02ef19a209dd28b28bb2555e079fc55051566116ba0b84b22f64ede8137d4b876b9b8b0113ac9979e3dd7f07ded826a6467a79ceee7b3950dc865a166567b5
- SSDEEP
  
  6144:KXpzivISeim9jmoD/EwY6V4WndGHtlraFUuv/wbvH43pNbEMw7:EpzUISefhrb5E6FUuwb/43pKM
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2