c6ed1957df8ab5c8639ccbe15ccaca22becdf57955fdca167df81016c683e234 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22a21b111ecdd0cb549fc87bd423931c_JaffaCakes118
Size

79KB
Sample

240703-rfqyna1gna
MD5

22a21b111ecdd0cb549fc87bd423931c
SHA1

3327fad8cbefcccceb6521aaee74196c6da0f51f
SHA256

c6ed1957df8ab5c8639ccbe15ccaca22becdf57955fdca167df81016c683e234
SHA512

5a048b50074626f36be25c5463bbff2612b548652fc912eddae57378584dded34c00787e66e82b2d151996e72bbe6fe971aeb0427c6d9ff14339803bf8a3a3f1
SSDEEP

768:5FliA4vgbke1NYwcQugFedGKrAe+NICbCpc5W3pt3bSnt04QogLa1:f4cowWxrqIcMc6BbWt05La

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  22a21b111ecdd0cb549fc87bd423931c_JaffaCakes118
- Size
  
  79KB
- MD5
  
  22a21b111ecdd0cb549fc87bd423931c
- SHA1
  
  3327fad8cbefcccceb6521aaee74196c6da0f51f
- SHA256
  
  c6ed1957df8ab5c8639ccbe15ccaca22becdf57955fdca167df81016c683e234
- SHA512
  
  5a048b50074626f36be25c5463bbff2612b548652fc912eddae57378584dded34c00787e66e82b2d151996e72bbe6fe971aeb0427c6d9ff14339803bf8a3a3f1
- SSDEEP
  
  768:5FliA4vgbke1NYwcQugFedGKrAe+NICbCpc5W3pt3bSnt04QogLa1:f4cowWxrqIcMc6BbWt05La
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2