General
Target: 1856778a22934a42352044e5dc12c4f9_JaffaCakes118
Size: 704KB
Sample: 240628-b53qraxbpn
MD5: 1856778a22934a42352044e5dc12c4f9
SHA1: fb1807bc938c0b4bf957a328e56ed6d5d45c7b75
SHA256: 67a735e78321eaf41d1de5fcbc93c97c29ef8bf84a881701ffd59587f5e046e1
SHA512: 718618759a8ebf2073734f1cf8038438888c348262e11c80ae1b5f75e9243c91c5c4ae58fd070963b6827b335ed4e1c431551944ff8818e27b1f298a84c402db
SSDEEP: 12288:g47scyuYU1kcY5VaYSD3MqmpplpGoGL3etQoMiXM8gFf/Sj4yPY:DsXuNkJSD+563ey8gVqj4yw
Static task: static1
Behavioral task: behavioral1
  Sample: 1856778a22934a42352044e5dc12c4f9_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 1856778a22934a42352044e5dc12c4f9_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 1856778a22934a42352044e5dc12c4f9_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Executes dropped EXE
Loads dropped DLL
Modifies WinLogon
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 4
  Active Setup: 1
  Registry Run Keys / Startup Folder: 1
  Winlogon Helper DLL: 2