de028b67912f75f06a1ffd2a84d4537226b14468c7ea516efe9b1152a1616147 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7538e5161877d3b22566971d4f184d3_JaffaCakes118
Size

253KB
Sample

240818-tnexgavepk
MD5

a7538e5161877d3b22566971d4f184d3
SHA1

4985a41c46d975ee8ee5217f0010dd97b453afee
SHA256

de028b67912f75f06a1ffd2a84d4537226b14468c7ea516efe9b1152a1616147
SHA512

510a0a14b76b6353418a9360b4e65bd58b6ce32765f228210ce58852cd786518df1aca566b77e8ae8875e2820e9adacf354ce5b6876229f40f41123f67c3c31b
SSDEEP

6144:KjW2Y9wUW7T6yc+xbUVXrbhG/ogXnAqVKHxUnM1RTJ:WY6Z7TA+xoVXrb0QgXn5V2aMZ

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  a7538e5161877d3b22566971d4f184d3_JaffaCakes118
- Size
  
  253KB
- MD5
  
  a7538e5161877d3b22566971d4f184d3
- SHA1
  
  4985a41c46d975ee8ee5217f0010dd97b453afee
- SHA256
  
  de028b67912f75f06a1ffd2a84d4537226b14468c7ea516efe9b1152a1616147
- SHA512
  
  510a0a14b76b6353418a9360b4e65bd58b6ce32765f228210ce58852cd786518df1aca566b77e8ae8875e2820e9adacf354ce5b6876229f40f41123f67c3c31b
- SSDEEP
  
  6144:KjW2Y9wUW7T6yc+xbUVXrbhG/ogXnAqVKHxUnM1RTJ:WY6Z7TA+xoVXrb0QgXn5V2aMZ
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence