Overview

overview

10

Static

static

3

01fd1408c5...18.exe

windows7-x64

10

01fd1408c5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01fd1408c5e24158f6e4bd0dd3f5577c_JaffaCakes118

  • Size

    301KB

  • Sample

    240427-amgvwsfa54

  • MD5

    01fd1408c5e24158f6e4bd0dd3f5577c

  • SHA1

    d316ae4b98d9b054bdcfcd408b308eb1e4dd73c1

  • SHA256

    f83d16a871cee64c14b9a6c95e21bc4972dae262b9a70c8e5001660268bb44e2

  • SHA512

    24946918325ae3674208e3c27783fa08568887395cc6b59ec1db73d65176f1722632b8ac2b98b27a70d5beb9b5fc5132de55a9370e549e3c9917d5dfa3b5ea31

  • SSDEEP

    6144:X731bdBaBRsBq3S87hgGQh20ejJMRtGDmLIY1Ad3Z:b1b9wQ9276tK8o3Z

Score
10/10
persistence

Malware Config

Targets

    • Target

      01fd1408c5e24158f6e4bd0dd3f5577c_JaffaCakes118

    • Size

      301KB

    • MD5

      01fd1408c5e24158f6e4bd0dd3f5577c

    • SHA1

      d316ae4b98d9b054bdcfcd408b308eb1e4dd73c1

    • SHA256

      f83d16a871cee64c14b9a6c95e21bc4972dae262b9a70c8e5001660268bb44e2

    • SHA512

      24946918325ae3674208e3c27783fa08568887395cc6b59ec1db73d65176f1722632b8ac2b98b27a70d5beb9b5fc5132de55a9370e549e3c9917d5dfa3b5ea31

    • SSDEEP

      6144:X731bdBaBRsBq3S87hgGQh20ejJMRtGDmLIY1Ad3Z:b1b9wQ9276tK8o3Z

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks