General
-
Target
18a77f70f308e9b14a7c64e1145f6b0f_JaffaCakes118
-
Size
4.8MB
-
Sample
240628-d9j6bazama
-
MD5
18a77f70f308e9b14a7c64e1145f6b0f
-
SHA1
c389bd6473bc6516794d73a7e255e94b5f43f8f6
-
SHA256
48869cd996b2db6e73b5f2f0e1e989648055d7e4dfd8e85cb0a5541f1c22f6f7
-
SHA512
733bc81ec68a4e53169317f5581ca3a99391355affeab23f86d2526e2ff36fdaa5378bdb7b2d2d219423f34c933d326a2efd39d1e26053793334a0ef2c95e012
-
SSDEEP
98304:9R5kNiF/AQgu2Uw7PGUcyGlQ+xsNBvuPY53:9fPguRw7eUcyGlQ1Bvu03
Malware Config
Targets
-
-
Target
18a77f70f308e9b14a7c64e1145f6b0f_JaffaCakes118
-
Size
4.8MB
-
MD5
18a77f70f308e9b14a7c64e1145f6b0f
-
SHA1
c389bd6473bc6516794d73a7e255e94b5f43f8f6
-
SHA256
48869cd996b2db6e73b5f2f0e1e989648055d7e4dfd8e85cb0a5541f1c22f6f7
-
SHA512
733bc81ec68a4e53169317f5581ca3a99391355affeab23f86d2526e2ff36fdaa5378bdb7b2d2d219423f34c933d326a2efd39d1e26053793334a0ef2c95e012
-
SSDEEP
98304:9R5kNiF/AQgu2Uw7PGUcyGlQ+xsNBvuPY53:9fPguRw7eUcyGlQ1Bvu03
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1