Overview

overview

10

Static

static

3

PermEdit.exe

windows7-x64

1

PermEdit.exe

windows10-2004-x64

1

WPE by elektro255.exe

windows7-x64

1

WPE by elektro255.exe

windows10-2004-x64

1

elektr.dll

windows7-x64

1

elektr.dll

windows10-2004-x64

1

wpe.exe

windows7-x64

10

wpe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6900336a2651f53be4491fe7ced64ddf_JaffaCakes118

  • Size

    347KB

  • Sample

    240522-3gpyjadb61

  • MD5

    6900336a2651f53be4491fe7ced64ddf

  • SHA1

    33aec628f027c9b2dfa31c3326a4dd515a4df4c5

  • SHA256

    ae02d2cec500812aaf0109c35f1421765ea0eebfbb8de26b9c7c2933dd97dd77

  • SHA512

    009370b9cc283ccc61036d7aea5af8f4558d98d9298d19148ee1756eb06f1e02ec3cb15f73568fc7c9b718fcd3eca5d872d20ef3ca5b2d91036d3fe383d863e3

  • SSDEEP

    6144:nP6L2thmaSP1zTynubVXaawkTEnOuIXUWoN6XkUyE9f+E6JTXnS778vYiBzCHCiG:nRhK1zmnubVXaa0ObXUhE9f+fJrS7wvD

Score
10/10
persistence

Malware Config

Targets

    • Target

      PermEdit.exe

    • Size

      12KB

    • MD5

      0b2ac08bce1db29e9d046d948a317861

    • SHA1

      babd60d3eb5e423df7eec8be35df3f9eb530164d

    • SHA256

      48cbe579e97d75624ee3823150d854fb652b2c73e37da1f47d8409013edf96c9

    • SHA512

      ad5cbde248a3d8590ae3294a470f8b20d465c0cfa8aa71d3c2163afb0708be924c81dfa19ce63175450e6ac9c0da50fd1a8c1e5190f0fbab05d04ae7d2f90940

    • SSDEEP

      192:mePOHSggX2oQj1P+4JIMGeSM5cMTD3C2lgMU41VtOHc6h6cjEd/kVPq/:mY7gK9Qva1eb5cSbCygMU4ehdjEKRg

    Score
    1/10
    behavioral1behavioral2

    • Target

      WPE by elektro255.exe

    • Size

      308KB

    • MD5

      94133f8293be29c1e68eac581e642f15

    • SHA1

      cbdad254269f42f1edc06e5e2e8dbb890e890702

    • SHA256

      5ae661e5ad7b131276d39cead78a2c6cf4490a68a0470a6128a3e9b46d94d0a2

    • SHA512

      4e5b8281c676a84666f376486b36706f9a4e3a898a98d53d48f8ca79d38e2f33eba1d9c5e9cc7b1993b035274ec9377e0d90f0dc7b217cacedd73cdb487e42ce

    • SSDEEP

      6144:3GZjdR/94YzvpRXqxEMpmKwx8vDVdMrdNLDWDyxCAr2OWZ:4j/uYzfX+VirCDyx2Om

    Score
    1/10
    behavioral3behavioral4

    • Target

      elektr.dll

    • Size

      51KB

    • MD5

      554621e5362c75097c1d69affb284c1c

    • SHA1

      3b3cdd43e0ca41b70fb9224e753f2e08a61462aa

    • SHA256

      6a7be9946824a2a0e01e1a5541ad78480c7c4173669c69659c3d87f21809e1a8

    • SHA512

      074d331aa00298a68e2c436e77000d99ca5026033da33bf5bb0cd713eca25b82e19fa26dc8c022917a926210f7e09e8c3c713c5681863dfe584b42d94e65d504

    • SSDEEP

      768:NCDsRInSTu6xpi9Hk+o4xTTWVWWwBHt3HOgiHFEkOlZCYLtfoyk2B:N+STVOkz4xTTWKteB2kOl7loT2B

    Score
    1/10
    behavioral5behavioral6

    • Target

      wpe.exe

    • Size

      56KB

    • MD5

      77ed29c8348379d43ecb9e841d64f6b6

    • SHA1

      14f53a4d5f4a3cc8cd8f2040e28401aa4b9e8c1e

    • SHA256

      fb62a5da456ee9a0f90fe48c3fa57c09d7d4f30bc7cdebee45f6dda02ccf34e6

    • SHA512

      2db27ee4ff7afda5670adf58f7465a5c4f9ee63cefacad5c973660866b6cda62a67f69587ab0497f1ab017548225fff827d90187b031d5b8681557fc61b5a962

    • SSDEEP

      768:J4JPHOF3W8nMIbk6KQVEs8rA7FYM9M6Ap9riiJ:J4Jf83W8W60IL26Ap8iJ

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks