General
-
Target
89c58d23bec1e17b749521029464e29c_JaffaCakes118
-
Size
257KB
-
Sample
240811-kzml1sxbrf
-
MD5
89c58d23bec1e17b749521029464e29c
-
SHA1
668a7c6832779fea571b6725e5cdab0e291876c3
-
SHA256
77c2da11b26225199990a47fe58172fc6fab8afbd7454fcec84bc4fd207eda37
-
SHA512
bd04aef6030c4dc42f1ef20fdf8d882573f668a3c23d2c9ff1a5564466ccef0beaf6e4045d5d93bd19ad0e7cd80adae3327f2ab4f389b940e7983f98f0048b5f
-
SSDEEP
6144:ggiD9CmFlaRUdduv9sZIUlfxryHfvau9hHoyrnETB2ebz:89C3N2ZIUl4/njr8B2Yz
Malware Config
Targets
-
-
Target
89c58d23bec1e17b749521029464e29c_JaffaCakes118
-
Size
257KB
-
MD5
89c58d23bec1e17b749521029464e29c
-
SHA1
668a7c6832779fea571b6725e5cdab0e291876c3
-
SHA256
77c2da11b26225199990a47fe58172fc6fab8afbd7454fcec84bc4fd207eda37
-
SHA512
bd04aef6030c4dc42f1ef20fdf8d882573f668a3c23d2c9ff1a5564466ccef0beaf6e4045d5d93bd19ad0e7cd80adae3327f2ab4f389b940e7983f98f0048b5f
-
SSDEEP
6144:ggiD9CmFlaRUdduv9sZIUlfxryHfvau9hHoyrnETB2ebz:89C3N2ZIUl4/njr8B2Yz
Score10/10-
Modifies WinLogon for persistence
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies WinLogon
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2