6b9d7be16a7b3ae02ee056bd3fe21f0f7567e7a99238ec458db966219895812f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f394c3b8e22c703590f14446fca33d9_JaffaCakes118
Size

243KB
Sample

240625-xz79yaxgke
MD5

0f394c3b8e22c703590f14446fca33d9
SHA1

b1354af512ba2774b8c96ad5c42d33fa0ac11c08
SHA256

6b9d7be16a7b3ae02ee056bd3fe21f0f7567e7a99238ec458db966219895812f
SHA512

847b3e5c9bc3384f3e231da5cc9924f2be0ddedbc9bf24222fad995b11b4ede8aeef51a7675e2871923a501b21c4d5cd54bf1a6bec09c91f054aea8b1e19bc19
SSDEEP

6144:BH3Jh95UbcMYDd2R2G136wH/8cYZJoeX7XBsyknw3IKn3x:BH3r7UeDd2RNNHUc8JoQDVkw3IKh

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0f394c3b8e22c703590f14446fca33d9_JaffaCakes118
- Size
  
  243KB
- MD5
  
  0f394c3b8e22c703590f14446fca33d9
- SHA1
  
  b1354af512ba2774b8c96ad5c42d33fa0ac11c08
- SHA256
  
  6b9d7be16a7b3ae02ee056bd3fe21f0f7567e7a99238ec458db966219895812f
- SHA512
  
  847b3e5c9bc3384f3e231da5cc9924f2be0ddedbc9bf24222fad995b11b4ede8aeef51a7675e2871923a501b21c4d5cd54bf1a6bec09c91f054aea8b1e19bc19
- SSDEEP
  
  6144:BH3Jh95UbcMYDd2R2G136wH/8cYZJoeX7XBsyknw3IKn3x:BH3r7UeDd2RNNHUc8JoQDVkw3IKh
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2