Overview

overview

10

Static

static

7

fb8cdf0eef...18.exe

windows7-x64

10

fb8cdf0eef...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb8cdf0eef45244a4a0ae2aef0b617d2_JaffaCakes118

  • Size

    26KB

  • Sample

    240420-a7ksaacg9v

  • MD5

    fb8cdf0eef45244a4a0ae2aef0b617d2

  • SHA1

    1e103f01c8bca6ae1bc4b1d4616e767393247e71

  • SHA256

    d4c9cc936ed655a08b790e7b9757e23aad90a8f2818008f3341680b2ba98a253

  • SHA512

    069fd0317dd6d0e9bda7b7de56925a6afc30be4e5ce937659a9f8023b2b189f1e69362ff8c8f304c121c26cf54a9a8ecf35388909e630cdc0ca7467dda43491a

  • SSDEEP

    384:3LJ8numdiqWZ+CA+Num7ByrmtOEHsxakCauPP8c18FUCwIAxsr6+S9Pfu7n57:SnzdiBZu+Num7B/wEMxBCNYLgxbdeV7

Score
10/10
aspackv2persistence

Malware Config

Targets

    • Target

      fb8cdf0eef45244a4a0ae2aef0b617d2_JaffaCakes118

    • Size

      26KB

    • MD5

      fb8cdf0eef45244a4a0ae2aef0b617d2

    • SHA1

      1e103f01c8bca6ae1bc4b1d4616e767393247e71

    • SHA256

      d4c9cc936ed655a08b790e7b9757e23aad90a8f2818008f3341680b2ba98a253

    • SHA512

      069fd0317dd6d0e9bda7b7de56925a6afc30be4e5ce937659a9f8023b2b189f1e69362ff8c8f304c121c26cf54a9a8ecf35388909e630cdc0ca7467dda43491a

    • SSDEEP

      384:3LJ8numdiqWZ+CA+Num7ByrmtOEHsxakCauPP8c18FUCwIAxsr6+S9Pfu7n57:SnzdiBZu+Num7B/wEMxBCNYLgxbdeV7

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks