ebf95c24c4ddccfb8bd451ec5ac8d4ae058e195da8119f6fd70bf40cdbd61274 | Triage

Sharing

General

Target

6a4eb063fdf071e09a28286a7d6355e6_JaffaCakes118
Size

244KB
Sample

240724-fg975ssbre
MD5

6a4eb063fdf071e09a28286a7d6355e6
SHA1

8566e6c5aa4016fd8769ff5acd52040a447606ef
SHA256

ebf95c24c4ddccfb8bd451ec5ac8d4ae058e195da8119f6fd70bf40cdbd61274
SHA512

3683072c01ec348b1791348f091283cdfd953e4cc757b58463f1466dd35bab450830a0ecb47f183cf63ccd78b0e4696f586f841b2d99829859fd7a66687ca492
SSDEEP

6144:/FbKr2b0xskGiLIJ6FpfzSkaQpHFyEoG8i1ni9SBXTH62:/Ur2bpk5IJ6PzSFQpHFLs9MHj

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  6a4eb063fdf071e09a28286a7d6355e6_JaffaCakes118
- Size
  
  244KB
- MD5
  
  6a4eb063fdf071e09a28286a7d6355e6
- SHA1
  
  8566e6c5aa4016fd8769ff5acd52040a447606ef
- SHA256
  
  ebf95c24c4ddccfb8bd451ec5ac8d4ae058e195da8119f6fd70bf40cdbd61274
- SHA512
  
  3683072c01ec348b1791348f091283cdfd953e4cc757b58463f1466dd35bab450830a0ecb47f183cf63ccd78b0e4696f586f841b2d99829859fd7a66687ca492
- SSDEEP
  
  6144:/FbKr2b0xskGiLIJ6FpfzSkaQpHFyEoG8i1ni9SBXTH62:/Ur2bpk5IJ6PzSFQpHFLs9MHj
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence