05036cdefed1e2e405eb6b288aacf6c2df59e780de8c2493d76fc14c0b42aa8b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46c0c7389221733ef367a47614bcd683_JaffaCakes118
Size

189KB
Sample

240714-vpsemasbqe
MD5

46c0c7389221733ef367a47614bcd683
SHA1

2453191977629235cc8a9ef81e64dcda2f7cd5dc
SHA256

05036cdefed1e2e405eb6b288aacf6c2df59e780de8c2493d76fc14c0b42aa8b
SHA512

6704d1a2e72d99523e87ab36331acafd86f5802ef05bd7dba5169f5c9814da0718e141331a1c8c7e405b7169de6994ce8d4ed84fe8b68b068745524f28c54d93
SSDEEP

3072:GEHGP1HGCqWpkmP46b5NOiT8zMMJDRQN2ajzKUx+WJ26sBSZjVIidm3ZMFRJwdT3:GEmPlpk846FNOiTQDtRQzjGeRZ5NjRaJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  46c0c7389221733ef367a47614bcd683_JaffaCakes118
- Size
  
  189KB
- MD5
  
  46c0c7389221733ef367a47614bcd683
- SHA1
  
  2453191977629235cc8a9ef81e64dcda2f7cd5dc
- SHA256
  
  05036cdefed1e2e405eb6b288aacf6c2df59e780de8c2493d76fc14c0b42aa8b
- SHA512
  
  6704d1a2e72d99523e87ab36331acafd86f5802ef05bd7dba5169f5c9814da0718e141331a1c8c7e405b7169de6994ce8d4ed84fe8b68b068745524f28c54d93
- SSDEEP
  
  3072:GEHGP1HGCqWpkmP46b5NOiT8zMMJDRQN2ajzKUx+WJ26sBSZjVIidm3ZMFRJwdT3:GEmPlpk846FNOiTQDtRQzjGeRZ5NjRaJ
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence