d244a9eb4265002ee984ef5da603f43a1f30df8d463b02c19b5bad9eef9469a6 | Triage

Sharing

General

Target

fa2aebbd93f06f2ffcef3454635004dd_JaffaCakes118
Size

231KB
Sample

240419-m8jmtsba8t
MD5

fa2aebbd93f06f2ffcef3454635004dd
SHA1

60d9d9827c6906e649d4712fb37ecd0477f734e6
SHA256

d244a9eb4265002ee984ef5da603f43a1f30df8d463b02c19b5bad9eef9469a6
SHA512

8edbcaf50445d409a7517f7578841871c2b5d94421d3666845070c5c2b4b33f3319e98d2eb2f034f2723b89f54943461dc1b7d8ea5376ed149de556be93eef66
SSDEEP

6144:cDV3tsVHUOIqTB4cpLlgq6CY3ElWnvAPz8:I3qcqTBtgqNUhvyz

Score

10^/10

aspackv2 evasion persistence

Malware Config

Targets

- Target
  
  fa2aebbd93f06f2ffcef3454635004dd_JaffaCakes118
- Size
  
  231KB
- MD5
  
  fa2aebbd93f06f2ffcef3454635004dd
- SHA1
  
  60d9d9827c6906e649d4712fb37ecd0477f734e6
- SHA256
  
  d244a9eb4265002ee984ef5da603f43a1f30df8d463b02c19b5bad9eef9469a6
- SHA512
  
  8edbcaf50445d409a7517f7578841871c2b5d94421d3666845070c5c2b4b33f3319e98d2eb2f034f2723b89f54943461dc1b7d8ea5376ed149de556be93eef66
- SSDEEP
  
  6144:cDV3tsVHUOIqTB4cpLlgq6CY3ElWnvAPz8:I3qcqTBtgqNUhvyz
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence