57bc14bc7a24317cf7401924fcc1fccef70b7c1ed706d0fb0434256dc11feac3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fb65cd098ba1e7c1269179112a64a30_JaffaCakes118
Size

22KB
Sample

240725-qe5jzstbqg
MD5

6fb65cd098ba1e7c1269179112a64a30
SHA1

c62cbe9738d119df56aba3b7e2deaa192e6da117
SHA256

57bc14bc7a24317cf7401924fcc1fccef70b7c1ed706d0fb0434256dc11feac3
SHA512

88198ed97f195d619d422151c8c43bf29bef4dfad40fa7c21bc422b15100f8b8800733f067216f74d2efb309454e310870d04958b2110909dacc01c3f38ed6d9
SSDEEP

384:8Mxyh8S+SDJpiJawL1Lo1Zwyf0SLDb6cViEXirhcqVu6dDhVmqUL1NIyWHh:hPS+SDD1wLq1Zzf0S6qKhcz6dDhVhA1s

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6fb65cd098ba1e7c1269179112a64a30_JaffaCakes118
- Size
  
  22KB
- MD5
  
  6fb65cd098ba1e7c1269179112a64a30
- SHA1
  
  c62cbe9738d119df56aba3b7e2deaa192e6da117
- SHA256
  
  57bc14bc7a24317cf7401924fcc1fccef70b7c1ed706d0fb0434256dc11feac3
- SHA512
  
  88198ed97f195d619d422151c8c43bf29bef4dfad40fa7c21bc422b15100f8b8800733f067216f74d2efb309454e310870d04958b2110909dacc01c3f38ed6d9
- SSDEEP
  
  384:8Mxyh8S+SDJpiJawL1Lo1Zwyf0SLDb6cViEXirhcqVu6dDhVmqUL1NIyWHh:hPS+SDD1wLq1Zzf0S6qKhcz6dDhVhA1s
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2