General
Target: 8be4b597791b05a1c5f690f0a4407d2e_JaffaCakes118
Size: 49KB
Sample: 240811-zgjvqs1eqe
MD5: 8be4b597791b05a1c5f690f0a4407d2e
SHA1: 2ce923936bf67891fc32fdf6aaff018c9885d53b
SHA256: f7fd13d115b277b9eed6d13512a8db4041bb07d6f94a3989d2ec43dac9e4791c
SHA512: 277f05d5ccf9ccd8b738dc41315a6b1f6d11adea2aa954d3f73c9aac0ca7920ee235ea5e75dca97ac31c21e93181cc56c6cf6aea0ca441441cc9cc556107193b
SSDEEP: 768:EnQje5SMCj8rlhWrarTCFxNVDkEHbyobb59ZJuRbvIh2XCeQM2iJc9PA:65S58aWHgxNVDZ7T5duRbvy9vPA
Static task: static1
Behavioral task: behavioral1
Sample: 8be4b597791b05a1c5f690f0a4407d2e_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 8be4b597791b05a1c5f690f0a4407d2e_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 8be4b597791b05a1c5f690f0a4407d2e_JaffaCakes118
Size: 49KB
MD5: 8be4b597791b05a1c5f690f0a4407d2e
SHA1: 2ce923936bf67891fc32fdf6aaff018c9885d53b
SHA256: f7fd13d115b277b9eed6d13512a8db4041bb07d6f94a3989d2ec43dac9e4791c
SHA512: 277f05d5ccf9ccd8b738dc41315a6b1f6d11adea2aa954d3f73c9aac0ca7920ee235ea5e75dca97ac31c21e93181cc56c6cf6aea0ca441441cc9cc556107193b
SSDEEP: 768:EnQje5SMCj8rlhWrarTCFxNVDkEHbyobb59ZJuRbvIh2XCeQM2iJc9PA:65S58aWHgxNVDZ7T5duRbvy9vPA
Score: 10/10
Signatures
Modifies WinLogon for persistence
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
  Event Triggered Execution (1): AppInit DLLs (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
  Event Triggered Execution (1): AppInit DLLs (1)