b28510aa26451e1270e2e90c5f543f3219ab7d636ced302a747c1bb4a020e49d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1894603fcfaeaf60ee718bc906920e8b_JaffaCakes118
Size

269KB
Sample

240628-dqq5hsybjb
MD5

1894603fcfaeaf60ee718bc906920e8b
SHA1

db6aafabaaa0e08a03df923dd1b964983578f4e3
SHA256

b28510aa26451e1270e2e90c5f543f3219ab7d636ced302a747c1bb4a020e49d
SHA512

13d5281ed37b6759ade8b1d496def8a9fc0c886f32e2227196ee3a91a0c3d6fe41dbf7d28d87749575724c18843d32966bf00bcdea4fbf3e1a5d90ed9d729937
SSDEEP

6144:k/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:k4K6LzHKcvTZQ0/0zJxQDU

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  1894603fcfaeaf60ee718bc906920e8b_JaffaCakes118
- Size
  
  269KB
- MD5
  
  1894603fcfaeaf60ee718bc906920e8b
- SHA1
  
  db6aafabaaa0e08a03df923dd1b964983578f4e3
- SHA256
  
  b28510aa26451e1270e2e90c5f543f3219ab7d636ced302a747c1bb4a020e49d
- SHA512
  
  13d5281ed37b6759ade8b1d496def8a9fc0c886f32e2227196ee3a91a0c3d6fe41dbf7d28d87749575724c18843d32966bf00bcdea4fbf3e1a5d90ed9d729937
- SSDEEP
  
  6144:k/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:k4K6LzHKcvTZQ0/0zJxQDU
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2