0e0a6d27fbe14ccd69e2c41a3c2dd9c312181fd7d7aca2117c9ce462e69390ac | Triage

Sharing

General

Target

81c4385eb959b53da84e3740c4095048_JaffaCakes118
Size

61KB
Sample

240801-zxal1a1amd
MD5

81c4385eb959b53da84e3740c4095048
SHA1

6307f1d13000a4c6f74c838bd253586f95b6e32d
SHA256

0e0a6d27fbe14ccd69e2c41a3c2dd9c312181fd7d7aca2117c9ce462e69390ac
SHA512

788be484c965f1f0cebab4889978b83c616f4121abf784e5820b0e7961851f894d70b94ec19e03bb5f0fe53e6120eecbb979f72e30fed681c4ae4b7cd51422c3
SSDEEP

1536:MBOjity3/7iFw2PnYD57y2+rrQotEZl/n5JuW:4g1/7iFwKn8N+4xhJB

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  81c4385eb959b53da84e3740c4095048_JaffaCakes118
- Size
  
  61KB
- MD5
  
  81c4385eb959b53da84e3740c4095048
- SHA1
  
  6307f1d13000a4c6f74c838bd253586f95b6e32d
- SHA256
  
  0e0a6d27fbe14ccd69e2c41a3c2dd9c312181fd7d7aca2117c9ce462e69390ac
- SHA512
  
  788be484c965f1f0cebab4889978b83c616f4121abf784e5820b0e7961851f894d70b94ec19e03bb5f0fe53e6120eecbb979f72e30fed681c4ae4b7cd51422c3
- SSDEEP
  
  1536:MBOjity3/7iFw2PnYD57y2+rrQotEZl/n5JuW:4g1/7iFwKn8N+4xhJB
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence