fb4b71fc1cd0f1c2834ea3a9c3316a3196f5c604b91dae67ad798533fb3b1336 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8634da7e2347b4dbe8ff4c31a672ab90_JaffaCakes118
Size

2.1MB
Sample

240531-g6tr5aaf92
MD5

8634da7e2347b4dbe8ff4c31a672ab90
SHA1

03e98c5b63be4f398448b291689500c74c8edea7
SHA256

fb4b71fc1cd0f1c2834ea3a9c3316a3196f5c604b91dae67ad798533fb3b1336
SHA512

04aa7a7c039a1b9df1d3570fa5d96b98ab8e9eccda1e306ec528153fdd8298178fa52aeef8e9c5234cc876d0ced56e7b688fb459d3c13f9a9aa497be0be6452e
SSDEEP

49152:dmV2AprmV2ApWmV2AprmV2ApWmV2AprmV2Ap8:dm/mim/mim/mQ

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  8634da7e2347b4dbe8ff4c31a672ab90_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  8634da7e2347b4dbe8ff4c31a672ab90
- SHA1
  
  03e98c5b63be4f398448b291689500c74c8edea7
- SHA256
  
  fb4b71fc1cd0f1c2834ea3a9c3316a3196f5c604b91dae67ad798533fb3b1336
- SHA512
  
  04aa7a7c039a1b9df1d3570fa5d96b98ab8e9eccda1e306ec528153fdd8298178fa52aeef8e9c5234cc876d0ced56e7b688fb459d3c13f9a9aa497be0be6452e
- SSDEEP
  
  49152:dmV2AprmV2ApWmV2AprmV2ApWmV2AprmV2Ap8:dm/mim/mim/mQ
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2