Overview

overview

10

Static

static

3

03c281d0c7...18.exe

windows7-x64

10

03c281d0c7...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03c281d0c79898ba5e0c472c0093cb4d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240427-2bl41shh38

  • MD5

    03c281d0c79898ba5e0c472c0093cb4d

  • SHA1

    e3313bf5c501460615885d1a51ea7bc7a5b14851

  • SHA256

    9f2238381a864db192fb8b902a11e8c1d7170b2ab03aae723952e03518dda34a

  • SHA512

    7e642e1541293ed0888d72ff7819590fa85106939c66ea4b048682b636e596baf1e858d722697d1f6ecb090bcf34ff25e88c8e4e8bca92f217a7d816aeefd903

  • SSDEEP

    24576:91bRfdYmRwmOcwLMIorvUhK9BoDyzPBP7qT4PQKL+0fCjovvbOjrdX3:9bfGmRwNcodor8h2yDgBP7ZlL+0QrdX3

Score
10/10
persistence

Malware Config

Targets

    • Target

      03c281d0c79898ba5e0c472c0093cb4d_JaffaCakes118

    • Size

      1.2MB

    • MD5

      03c281d0c79898ba5e0c472c0093cb4d

    • SHA1

      e3313bf5c501460615885d1a51ea7bc7a5b14851

    • SHA256

      9f2238381a864db192fb8b902a11e8c1d7170b2ab03aae723952e03518dda34a

    • SHA512

      7e642e1541293ed0888d72ff7819590fa85106939c66ea4b048682b636e596baf1e858d722697d1f6ecb090bcf34ff25e88c8e4e8bca92f217a7d816aeefd903

    • SSDEEP

      24576:91bRfdYmRwmOcwLMIorvUhK9BoDyzPBP7qT4PQKL+0fCjovvbOjrdX3:9bfGmRwNcodor8h2yDgBP7ZlL+0QrdX3

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks