4171de49be68064ee63937bdd560c253c9b5173c0497bc7835ec497f6d3e87e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d56d8d8600cdbfadaa1b66469b7a646_JaffaCakes118
Size

73KB
Sample

240719-x6s4lazcne
MD5

5d56d8d8600cdbfadaa1b66469b7a646
SHA1

9369717a8dbc49452f5e1ea27a92e4eb779dbd6a
SHA256

4171de49be68064ee63937bdd560c253c9b5173c0497bc7835ec497f6d3e87e0
SHA512

296409e15338863a0c1022022ff7eb5f5bf00ea7907cb7ce37701e183ad089b751911831bb908e4f2a148637735d17b2aa9951aba38bf80bd37c3e58a4c0ef5b
SSDEEP

1536:SvVLAUfOWlydRdBhfuDolgEHVzHpjOTtOTWOT2iX:2BJf5K1flWM4QvKiX

Score

10^/10

aspackv2 persistence

Malware Config

Targets

- Target
  
  5d56d8d8600cdbfadaa1b66469b7a646_JaffaCakes118
- Size
  
  73KB
- MD5
  
  5d56d8d8600cdbfadaa1b66469b7a646
- SHA1
  
  9369717a8dbc49452f5e1ea27a92e4eb779dbd6a
- SHA256
  
  4171de49be68064ee63937bdd560c253c9b5173c0497bc7835ec497f6d3e87e0
- SHA512
  
  296409e15338863a0c1022022ff7eb5f5bf00ea7907cb7ce37701e183ad089b751911831bb908e4f2a148637735d17b2aa9951aba38bf80bd37c3e58a4c0ef5b
- SSDEEP
  
  1536:SvVLAUfOWlydRdBhfuDolgEHVzHpjOTtOTWOT2iX:2BJf5K1flWM4QvKiX
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence