General
-
Target
43e320bdcbc89aefd23ef13a2bbfc41c_JaffaCakes118
-
Size
414KB
-
Sample
240714-cnn2psvfrf
-
MD5
43e320bdcbc89aefd23ef13a2bbfc41c
-
SHA1
c7674d4bbbbcabe32f3bcaf79f2108479d194e47
-
SHA256
08161a6652d7834de29d7be1d6f1240f5fb641fa32d9e90b0ebbe1479de71dcc
-
SHA512
7f19e809e23b2be63006557ae84844f986de97bb2b51a757af6635f0969caa3a76ddc2952b8028296a1c1ea747a925863e005e91d572ee94cbae638db5f59aad
-
SSDEEP
6144:bARb+1YFc8CnFu73mBCR7NFrkcrreoSi7CL+PqL55NjeqE5:+b+1F8C+minkSrfSi+L/V5Nj
Malware Config
Targets
-
-
Target
43e320bdcbc89aefd23ef13a2bbfc41c_JaffaCakes118
-
Size
414KB
-
MD5
43e320bdcbc89aefd23ef13a2bbfc41c
-
SHA1
c7674d4bbbbcabe32f3bcaf79f2108479d194e47
-
SHA256
08161a6652d7834de29d7be1d6f1240f5fb641fa32d9e90b0ebbe1479de71dcc
-
SHA512
7f19e809e23b2be63006557ae84844f986de97bb2b51a757af6635f0969caa3a76ddc2952b8028296a1c1ea747a925863e005e91d572ee94cbae638db5f59aad
-
SSDEEP
6144:bARb+1YFc8CnFu73mBCR7NFrkcrreoSi7CL+PqL55NjeqE5:+b+1F8C+minkSrfSi+L/V5Nj
Score10/10-
Modifies WinLogon for persistence
-
Modifies security service
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1