Overview

overview

10

Static

static

3

0213deadfd...18.exe

windows7-x64

10

0213deadfd...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0213deadfd52d87e960beba8a6b80de5_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240427-bmcfvafh22

  • MD5

    0213deadfd52d87e960beba8a6b80de5

  • SHA1

    8bab980240218c30157f41a6a1cb8e6f12a2b69f

  • SHA256

    67d5e7f5263e81eff0b0f944932f8d9df966032b66b36846a121795e166a81f8

  • SHA512

    821f9192f4fce55e0cd21c1838f36039aa5a3c389102504acf1012bea811b1f26a69efc8b63717d95b48df3e0a27a44121a5de499420b8941a83f6355d0dc4b0

  • SSDEEP

    49152:9jWXKVoxhvU/33FiAxPoZps51W2+5N/Yplm9q9oSwz:NWrvUvPMpse5JYplm9P

Score
10/10
persistence

Malware Config

Targets

    • Target

      0213deadfd52d87e960beba8a6b80de5_JaffaCakes118

    • Size

      2.1MB

    • MD5

      0213deadfd52d87e960beba8a6b80de5

    • SHA1

      8bab980240218c30157f41a6a1cb8e6f12a2b69f

    • SHA256

      67d5e7f5263e81eff0b0f944932f8d9df966032b66b36846a121795e166a81f8

    • SHA512

      821f9192f4fce55e0cd21c1838f36039aa5a3c389102504acf1012bea811b1f26a69efc8b63717d95b48df3e0a27a44121a5de499420b8941a83f6355d0dc4b0

    • SSDEEP

      49152:9jWXKVoxhvU/33FiAxPoZps51W2+5N/Yplm9q9oSwz:NWrvUvPMpse5JYplm9P

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks