General
Target: 44c69f33fbc34caa5b5530551f0f0beb_JaffaCakes118
Size: 2.4MB
Sample: 240714-hq9n3s1akj
MD5: 44c69f33fbc34caa5b5530551f0f0beb
SHA1: df434f6af0c89ab6406649fb2c73947a612f14d1
SHA256: a522efa7049df0d9967bda41e1c100c2be389c39ba0bc2d0476e6fb0ee508746
SHA512: c82c6d63c21a99799f71ac3b324b928401a751416ff61f53e0ad995ffabd95cbf555260eb124bf015acf50714d8147b4da6943ac28da6cef48ce556ed05f4349
SSDEEP: 12288:BZ5XgGADGEjiQ0zaXcmCbjoPtwq//b+EtyCTgRAXsVqn3JXPm0:35QGBEGQ7Kj4td/b1tyCTUArnlm0
Static task: static1
Behavioral task: behavioral1
Sample: 44c69f33fbc34caa5b5530551f0f0beb_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 44c69f33fbc34caa5b5530551f0f0beb_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target
44c69f33fbc34caa5b5530551f0f0beb_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Modifies WinLogon
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (4)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (2)