1e5e47474399054c719a95311072f49396a49bcb26acbb13dcb2dd964a157853 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acb31309c61bf9d9d1cdc7fe8062ba3c_JaffaCakes118
Size

512KB
Sample

240819-1mfkya1flj
MD5

acb31309c61bf9d9d1cdc7fe8062ba3c
SHA1

332ffaf3f73944e76f4e495b63eda6b68356c071
SHA256

1e5e47474399054c719a95311072f49396a49bcb26acbb13dcb2dd964a157853
SHA512

a49aded70bf60b681e6600071e9232da34b8a81c5b9e334bf09a169f870df2bc4f21403416705d71378c1efcae09584590cdc40f995f37f7c7fafad6a8656d38
SSDEEP

12288:YpRo8DIqY7R0+GSfXntmPrp/VR0DqY1i85:mRo8DVkRBGumLR9Qi85

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  acb31309c61bf9d9d1cdc7fe8062ba3c_JaffaCakes118
- Size
  
  512KB
- MD5
  
  acb31309c61bf9d9d1cdc7fe8062ba3c
- SHA1
  
  332ffaf3f73944e76f4e495b63eda6b68356c071
- SHA256
  
  1e5e47474399054c719a95311072f49396a49bcb26acbb13dcb2dd964a157853
- SHA512
  
  a49aded70bf60b681e6600071e9232da34b8a81c5b9e334bf09a169f870df2bc4f21403416705d71378c1efcae09584590cdc40f995f37f7c7fafad6a8656d38
- SSDEEP
  
  12288:YpRo8DIqY7R0+GSfXntmPrp/VR0DqY1i85:mRo8DVkRBGumLR9Qi85
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence