77e829a69d98b0edb0b908391458688dd93bc515abd5730b9c39dfa7ba475c29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

febf011cb0c5e1c65e8dbc4a8aa0a8ec_JaffaCakes118
Size

104KB
Sample

240421-h5sn4sed2x
MD5

febf011cb0c5e1c65e8dbc4a8aa0a8ec
SHA1

af40d2ebe31d7a6629e13457b495735b8709548a
SHA256

77e829a69d98b0edb0b908391458688dd93bc515abd5730b9c39dfa7ba475c29
SHA512

36648eee0aacf57632e3432e24ba9a4af45799b1672d58c750d3e094430c3f9cb4ebff11e33aba61fe3be7a9324ca6db61a63c390896fb0e152aee8bfc2d220d
SSDEEP

3072:8SWfEfHvS6Yp1wBmRZfoBBfekP01g9U5XuAm5k+4VZVDt+:eGPgzQmRZfon23uAf0

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  febf011cb0c5e1c65e8dbc4a8aa0a8ec_JaffaCakes118
- Size
  
  104KB
- MD5
  
  febf011cb0c5e1c65e8dbc4a8aa0a8ec
- SHA1
  
  af40d2ebe31d7a6629e13457b495735b8709548a
- SHA256
  
  77e829a69d98b0edb0b908391458688dd93bc515abd5730b9c39dfa7ba475c29
- SHA512
  
  36648eee0aacf57632e3432e24ba9a4af45799b1672d58c750d3e094430c3f9cb4ebff11e33aba61fe3be7a9324ca6db61a63c390896fb0e152aee8bfc2d220d
- SSDEEP
  
  3072:8SWfEfHvS6Yp1wBmRZfoBBfekP01g9U5XuAm5k+4VZVDt+:eGPgzQmRZfon23uAf0
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2