08fd0babc8771cd3bca1e147ec461563410017bd23c611fd2554a135abd686a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

057da34c5a00f18428982b9d77d8744c_JaffaCakes118
Size

3.4MB
Sample

240728-cf2ylavfkc
MD5

057da34c5a00f18428982b9d77d8744c
SHA1

ee1d6a0a0daf044e2db1348d850daa50ff94bdf7
SHA256

08fd0babc8771cd3bca1e147ec461563410017bd23c611fd2554a135abd686a8
SHA512

c1b3bbdd0fd1e06b4dbd2fbdc65dc57e6fd17e98d08e4e8e4a7ab973d61c62691acb96e075103011ce88a5c7aabe745790cce8751884d739ac51d729ccb9912b
SSDEEP

49152:5Q0sMbsA1lSrD3hH2aYLbl3eRPfPphzb4HJLWhtv8Y/YS0d/vCsDefefQagb:sMtl+3hWaE4fjGWLDQddiKefefPO

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  057da34c5a00f18428982b9d77d8744c_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  057da34c5a00f18428982b9d77d8744c
- SHA1
  
  ee1d6a0a0daf044e2db1348d850daa50ff94bdf7
- SHA256
  
  08fd0babc8771cd3bca1e147ec461563410017bd23c611fd2554a135abd686a8
- SHA512
  
  c1b3bbdd0fd1e06b4dbd2fbdc65dc57e6fd17e98d08e4e8e4a7ab973d61c62691acb96e075103011ce88a5c7aabe745790cce8751884d739ac51d729ccb9912b
- SSDEEP
  
  49152:5Q0sMbsA1lSrD3hH2aYLbl3eRPfPphzb4HJLWhtv8Y/YS0d/vCsDefefQagb:sMtl+3hWaE4fjGWLDQddiKefefPO
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence