General
-
Target
8dc2bc892ba1f2f7f25a9e9bcfaa4def_JaffaCakes118
-
Size
342KB
-
Sample
240812-hr5rhszemq
-
MD5
8dc2bc892ba1f2f7f25a9e9bcfaa4def
-
SHA1
74cd24917e9ce5f1c2cb86bcd992ba8b86919e13
-
SHA256
ac81f6e6887bcc1f6bbced0adce7f7a4c49c774c81a522b2faef74f7ecbfa7d4
-
SHA512
3dd590a4455b707f7ae82335c451e9b6d7fa0ccf5661a9d2f85a2899cac017805b96b6314dd00ad3dcecdf930928020b121c9cd16f11fc1e7ca6465b6deac35d
-
SSDEEP
6144:J6gJbaRkNJvY2k0bsRkcQRkfIwps+69yV9Goa0ixEHzBmcrBlVZU+LF6CBPG:nbm8qN0bFciRwf69GxiKTBvVZJG
Malware Config
Targets
-
-
Target
8dc2bc892ba1f2f7f25a9e9bcfaa4def_JaffaCakes118
-
Size
342KB
-
MD5
8dc2bc892ba1f2f7f25a9e9bcfaa4def
-
SHA1
74cd24917e9ce5f1c2cb86bcd992ba8b86919e13
-
SHA256
ac81f6e6887bcc1f6bbced0adce7f7a4c49c774c81a522b2faef74f7ecbfa7d4
-
SHA512
3dd590a4455b707f7ae82335c451e9b6d7fa0ccf5661a9d2f85a2899cac017805b96b6314dd00ad3dcecdf930928020b121c9cd16f11fc1e7ca6465b6deac35d
-
SSDEEP
6144:J6gJbaRkNJvY2k0bsRkcQRkfIwps+69yV9Goa0ixEHzBmcrBlVZU+LF6CBPG:nbm8qN0bFciRwf69GxiKTBvVZJG
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies WinLogon
-
Network Share Discovery
Attempt to gather information on host network.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Privilege Escalation
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2