866db6ef65397c731b3efff5fc66c3d33baaec8c007e39bf46c0e0a019de4af5 | Triage

Sharing

General

Target

0fa1750cf11a5933a3bd72ba92c6e9a9_JaffaCakes118
Size

3.4MB
Sample

240503-en9draef6x
MD5

0fa1750cf11a5933a3bd72ba92c6e9a9
SHA1

764c8e09b45c8635d6dc3b2d66022f884870fda3
SHA256

866db6ef65397c731b3efff5fc66c3d33baaec8c007e39bf46c0e0a019de4af5
SHA512

4ea0a9701c30607e765f75fb551b84e4e78d9d9f4dd5577a84762eeca961a880ac018a122a48587e64d3fdf52b632eaf8f27db9af52e262853140d7edf077df4
SSDEEP

98304:jxDn6ltUYucDCgZVAFcCIWHgPMm+NnoOs:tD2UYhT8FceH/NnoOs

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0fa1750cf11a5933a3bd72ba92c6e9a9_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  0fa1750cf11a5933a3bd72ba92c6e9a9
- SHA1
  
  764c8e09b45c8635d6dc3b2d66022f884870fda3
- SHA256
  
  866db6ef65397c731b3efff5fc66c3d33baaec8c007e39bf46c0e0a019de4af5
- SHA512
  
  4ea0a9701c30607e765f75fb551b84e4e78d9d9f4dd5577a84762eeca961a880ac018a122a48587e64d3fdf52b632eaf8f27db9af52e262853140d7edf077df4
- SSDEEP
  
  98304:jxDn6ltUYucDCgZVAFcCIWHgPMm+NnoOs:tD2UYhT8FceH/NnoOs
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2