b3a3c4e4d80eef88d1bc7f5f06a86cb7736d7f51fc9b81439fa05928d88f9af0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5fd98d6cf2d830e79a3dc7ef470c2b0f_JaffaCakes118
Size

105KB
Sample

240720-kzw6fsyfkh
MD5

5fd98d6cf2d830e79a3dc7ef470c2b0f
SHA1

4b314bf8e7c57c87e1388f5890a70b1676326a5b
SHA256

b3a3c4e4d80eef88d1bc7f5f06a86cb7736d7f51fc9b81439fa05928d88f9af0
SHA512

e7931e07712bdfd2ce32d5187ab7df087bbcc7a97b60161c60b6aba1f9f1f64525674f89bc3b56ca9131dad51be82a4b96578a9ba76bd90db6a4e7e1dcca53cc
SSDEEP

1536:k4eBfjI7LgNGlK5jj3ILJ18QKzmz+Fl8MVIXhy+4TVPu6MzrOdiwM:BeBfj6LmGo5XM+E4JPLYz

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5fd98d6cf2d830e79a3dc7ef470c2b0f_JaffaCakes118
- Size
  
  105KB
- MD5
  
  5fd98d6cf2d830e79a3dc7ef470c2b0f
- SHA1
  
  4b314bf8e7c57c87e1388f5890a70b1676326a5b
- SHA256
  
  b3a3c4e4d80eef88d1bc7f5f06a86cb7736d7f51fc9b81439fa05928d88f9af0
- SHA512
  
  e7931e07712bdfd2ce32d5187ab7df087bbcc7a97b60161c60b6aba1f9f1f64525674f89bc3b56ca9131dad51be82a4b96578a9ba76bd90db6a4e7e1dcca53cc
- SSDEEP
  
  1536:k4eBfjI7LgNGlK5jj3ILJ18QKzmz+Fl8MVIXhy+4TVPu6MzrOdiwM:BeBfj6LmGo5XM+E4JPLYz
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2