Overview

overview

10

Static

static

3

0203622dd2...18.exe

windows7-x64

10

0203622dd2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0203622dd26736bfc842158c5973e819_JaffaCakes118

  • Size

    152KB

  • Sample

    240427-aw35gsfc36

  • MD5

    0203622dd26736bfc842158c5973e819

  • SHA1

    43f3640dea3fd6f7fd4b2553f0d6914ea46e41cf

  • SHA256

    8b051543a1c0abd3c328b53dbaefe8f55e2390c1f17d596993ce1c49fe692a5f

  • SHA512

    94b33adacf6997b6660f9fa0fa589ff408bb9e62ae2c69a10c9ed6f6e14cf5b9de8b7d8d9a2260b7f527fb8b2f31e754fa6b485ef409c083dc9c32ce89500bec

  • SSDEEP

    3072:t1B31bdBob2QXBYx+4rrhMCC0Pn6bqd/ewhQTqMQ:t731bdBaBBYE4rFNCGjdKrQ

Score
10/10
persistence

Malware Config

Targets

    • Target

      0203622dd26736bfc842158c5973e819_JaffaCakes118

    • Size

      152KB

    • MD5

      0203622dd26736bfc842158c5973e819

    • SHA1

      43f3640dea3fd6f7fd4b2553f0d6914ea46e41cf

    • SHA256

      8b051543a1c0abd3c328b53dbaefe8f55e2390c1f17d596993ce1c49fe692a5f

    • SHA512

      94b33adacf6997b6660f9fa0fa589ff408bb9e62ae2c69a10c9ed6f6e14cf5b9de8b7d8d9a2260b7f527fb8b2f31e754fa6b485ef409c083dc9c32ce89500bec

    • SSDEEP

      3072:t1B31bdBob2QXBYx+4rrhMCC0Pn6bqd/ewhQTqMQ:t731bdBaBBYE4rFNCGjdKrQ

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks