412d9c20244c499c5847ea3c02326b4121a9c5acb7922583c0060b46f14cd00a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

891385de7a6221873b16d96776b0d2e5_JaffaCakes118
Size

510KB
Sample

240811-fkvlvszepf
MD5

891385de7a6221873b16d96776b0d2e5
SHA1

c95ee6426e8a98e525d9bf4e5b4b86f685496066
SHA256

412d9c20244c499c5847ea3c02326b4121a9c5acb7922583c0060b46f14cd00a
SHA512

0c40a5e013284895db4c4df8af5ed89a163cc6df95658ea00e230ef190bef7420eb464af3b02f0c870317bad7a4fadc74adddc002a39a204611299dcaa5c201f
SSDEEP

12288:3A0Aebf4T2yUa1gW9y7PoIodyAdf7CADmXI:wPcfFyU6rSq1MADB

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  891385de7a6221873b16d96776b0d2e5_JaffaCakes118
- Size
  
  510KB
- MD5
  
  891385de7a6221873b16d96776b0d2e5
- SHA1
  
  c95ee6426e8a98e525d9bf4e5b4b86f685496066
- SHA256
  
  412d9c20244c499c5847ea3c02326b4121a9c5acb7922583c0060b46f14cd00a
- SHA512
  
  0c40a5e013284895db4c4df8af5ed89a163cc6df95658ea00e230ef190bef7420eb464af3b02f0c870317bad7a4fadc74adddc002a39a204611299dcaa5c201f
- SSDEEP
  
  12288:3A0Aebf4T2yUa1gW9y7PoIodyAdf7CADmXI:wPcfFyU6rSq1MADB
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence