28e3a416fad112ff60ab0439ee59db9e1ce8c580c72122e6c5c80b0f378765d8 | Triage

Sharing

General

Target

6f16414fe42e2e3b4ac136f34c8a81e6_JaffaCakes118
Size

43KB
Sample

240725-lvrwlsvbnd
MD5

6f16414fe42e2e3b4ac136f34c8a81e6
SHA1

82148f685fdcbc177343fa9956628b3794cad43b
SHA256

28e3a416fad112ff60ab0439ee59db9e1ce8c580c72122e6c5c80b0f378765d8
SHA512

df95939d9594e2f5f198511a74d4b2fb329fe76c63411cc63b22dc094b2bb8d6319fe490f9d34e4245c15f4f0d2c807436fab4bb9b6d60e26eb4d769ae0cbf6f
SSDEEP

768:+pCVsP+uaV+LkJIuV4IFSIjqnplR/YDyy9EKImYOO1usOnL9SFp4OUTKc9:TVckpbenbR/YRu8WI9MV

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  6f16414fe42e2e3b4ac136f34c8a81e6_JaffaCakes118
- Size
  
  43KB
- MD5
  
  6f16414fe42e2e3b4ac136f34c8a81e6
- SHA1
  
  82148f685fdcbc177343fa9956628b3794cad43b
- SHA256
  
  28e3a416fad112ff60ab0439ee59db9e1ce8c580c72122e6c5c80b0f378765d8
- SHA512
  
  df95939d9594e2f5f198511a74d4b2fb329fe76c63411cc63b22dc094b2bb8d6319fe490f9d34e4245c15f4f0d2c807436fab4bb9b6d60e26eb4d769ae0cbf6f
- SSDEEP
  
  768:+pCVsP+uaV+LkJIuV4IFSIjqnplR/YDyy9EKImYOO1usOnL9SFp4OUTKc9:TVckpbenbR/YRu8WI9MV
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence