1dcbbfd5c817ef434352f0f99ffcc6ee2c239f34ccade976b7f2dcd5b38e9c67 | Triage

Sharing

General

Target

8b8f63d8103c5a5fc8a321da1ee5f6e5_JaffaCakes118
Size

214KB
Sample

240811-xg2pfaxbjb
MD5

8b8f63d8103c5a5fc8a321da1ee5f6e5
SHA1

fbe5fc504e14f0105b30e35d1f8977bb49bbcc1c
SHA256

1dcbbfd5c817ef434352f0f99ffcc6ee2c239f34ccade976b7f2dcd5b38e9c67
SHA512

4f1fc5b5778dcfb530ffd3774fa5f27b66bd874f68b46a083055eec3851fb429bd3a2ed112d9007f07a70de1564ae305b1aadd32aa0009e2304f41b67f2c295b
SSDEEP

6144:HYLkIjQ2vMKd2quNXw6FLdLMQX55QnaZcKnePXe3q:GjzdgH9ZqKN6

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  8b8f63d8103c5a5fc8a321da1ee5f6e5_JaffaCakes118
- Size
  
  214KB
- MD5
  
  8b8f63d8103c5a5fc8a321da1ee5f6e5
- SHA1
  
  fbe5fc504e14f0105b30e35d1f8977bb49bbcc1c
- SHA256
  
  1dcbbfd5c817ef434352f0f99ffcc6ee2c239f34ccade976b7f2dcd5b38e9c67
- SHA512
  
  4f1fc5b5778dcfb530ffd3774fa5f27b66bd874f68b46a083055eec3851fb429bd3a2ed112d9007f07a70de1564ae305b1aadd32aa0009e2304f41b67f2c295b
- SSDEEP
  
  6144:HYLkIjQ2vMKd2quNXw6FLdLMQX55QnaZcKnePXe3q:GjzdgH9ZqKN6
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence