General
-
Target
280c3da5ea65c959067f8ab553037370_JaffaCakes118
-
Size
320KB
-
Sample
240706-letp9stfnq
-
MD5
280c3da5ea65c959067f8ab553037370
-
SHA1
7941c2b2118fd30c2b8c65a1beab08d9331203c9
-
SHA256
c390e62943f6c3cd8a21a5aed7b9d8528b30cae4bad6a5ba26f817d9bbf68d5f
-
SHA512
628bf2984f38a82cda34f4b1afbe6f1a810201a29b9ce2e0f6a9daee31b7a86fa60dd114888d3c0f77cb10d5a539b2cc0b255c29abeb58a13613f4fdc0447041
-
SSDEEP
6144:ym/o/vvofih8jWlw7WtoPkvVOfzUE8uoglOs5WY94/JzZwLZ5rLLVIqxE+1qg:5o/UWIkNOfzUEQgFGJNmjKqxE+1
Static task
static1
Behavioral task
behavioral1
Sample
280c3da5ea65c959067f8ab553037370_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
280c3da5ea65c959067f8ab553037370_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
Target
280c3da5ea65c959067f8ab553037370_JaffaCakes118
Score
10/10
-
Modifies WinLogon for persistence
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine: a subkey under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components whose StubPath command is executed at logon for every user who has not yet run that component.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Suspicious use of SetThreadContext
-
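The registry-backed signatures above (Winlogon helper changes, an Active Setup stub, a Run key, and the DisableRegistryTools / DisableTaskMgr policy values) can all be checked from a registry snapshot. The Python below is an added example written for this page; it is not sandbox output and not code from the sample. The snapshot it scans is constructed for the example, with an invented GUID and invented paths, and does not reflect values recovered from this sample. The ATT&CK IDs in the checks are the standard mappings for those sub-techniques. The SetThreadContext and dropped-DLL signatures are process-level and are not covered here.

```python
"""Checks for the registry-based persistence and defence-evasion artefacts
named in the report's signatures. Added example, not sandbox output.

Input is a snapshot {key_path: {value_name: data}}. The snapshot at the bottom
is constructed for the example (NOT data recovered from this sample); on a live
host the same structure can be filled from `reg export` or the winreg module,
which this offline example deliberately avoids.
"""
from __future__ import annotations

from dataclasses import dataclass

HKLM = "HKEY_LOCAL_MACHINE"
HKCU = "HKEY_CURRENT_USER"
WINLOGON = HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
ACTIVE_SETUP = HKLM + r"\SOFTWARE\Microsoft\Active Setup\Installed Components"
RUN_KEYS = (
    HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    HKCU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
POLICIES_SYSTEM = HKCU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Winlogon helper values as they appear on a clean install (T1547.004).
WINLOGON_BASELINE = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
# Path fragments that should not appear in autostart commands: locations a
# standard user can write to. A heuristic, not an allow-list of signed binaries.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "%temp%", "%appdata%")


@dataclass(frozen=True)
class Finding:
    technique: str   # ATT&CK sub-technique the check maps to
    location: str    # registry key\value that triggered it
    detail: str      # the offending data


def _in_user_writable(command: str) -> bool:
    return any(frag in command.lower() for frag in USER_WRITABLE)


def check_winlogon(snapshot):
    """T1547.004: Shell / Userinit no longer equal to the stock values."""
    values = snapshot.get(WINLOGON, {})
    out = []
    for name, expected in WINLOGON_BASELINE.items():
        data = values.get(name)
        if data is not None and data.strip().lower() != expected.lower():
            out.append(Finding("T1547.004", f"{WINLOGON}\\{name}", data))
    return out


def check_active_setup(snapshot):
    """T1547.014: StubPath under Installed Components runs once per user at logon."""
    prefix = ACTIVE_SETUP.lower() + "\\"
    out = []
    for key, values in snapshot.items():
        stub = values.get("StubPath")
        if key.lower().startswith(prefix) and stub and _in_user_writable(stub):
            out.append(Finding("T1547.014", f"{key}\\StubPath", stub))
    return out


def check_run_keys(snapshot):
    """T1547.001: Run entries whose command points into user-writable locations."""
    out = []
    for key in RUN_KEYS:
        for name, cmd in snapshot.get(key, {}).items():
            if _in_user_writable(cmd):
                out.append(Finding("T1547.001", f"{key}\\{name}", cmd))
    return out


def check_tool_lockout(snapshot):
    """T1562.001: DisableRegistryTools / DisableTaskMgr policy values set (non-zero)."""
    values = snapshot.get(POLICIES_SYSTEM, {})
    out = []
    for name in ("DisableRegistryTools", "DisableTaskMgr"):
        if values.get(name, 0) not in (0, None):
            out.append(Finding("T1562.001", f"{POLICIES_SYSTEM}\\{name}", str(values[name])))
    return out


def run_checks(snapshot):
    return (check_winlogon(snapshot) + check_active_setup(snapshot)
            + check_run_keys(snapshot) + check_tool_lockout(snapshot))


# Constructed snapshot: one benign-looking Active Setup stub plus four planted
# artefacts. The GUID, file names and paths are invented for the example.
SAMPLE_SNAPSHOT = {
    WINLOGON: {
        "Shell": r"explorer.exe, C:\Users\Public\svchost.exe",      # hypothetical
        "Userinit": r"C:\Windows\system32\userinit.exe,",           # stock value
    },
    ACTIVE_SETUP + r"\{11111111-2222-3333-4444-555555555555}": {   # hypothetical
        "StubPath": r"%SystemRoot%\system32\regsvr32.exe /s /n /i:U shell32.dll",
    },
    ACTIVE_SETUP + r"\{0BAD1D00-0000-4000-8000-000000000001}": {   # hypothetical
        "StubPath": r"C:\Users\victim\AppData\Roaming\update.exe",
    },
    RUN_KEYS[1]: {"Update": r"C:\Users\victim\AppData\Local\Temp\update.exe"},  # hypothetical
    POLICIES_SYSTEM: {"DisableRegistryTools": 1, "DisableTaskMgr": 1},
}

if __name__ == "__main__":
    for f in run_checks(SAMPLE_SNAPSHOT):
        print(f"{f.technique}  {f.location}\n    {f.detail}")
```

Run against the constructed snapshot it reports five findings: the altered Winlogon Shell, the Active Setup stub in AppData, the HKCU Run entry in Temp, and both policy values; the regsvr32 stub under %SystemRoot% is not flagged, which is the point of the user-writable heuristic rather than a blanket "any StubPath is bad" rule.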
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 4
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 2