fa85e606133307d740d6f49a1f8006e9830f7cbc4da913ee7e7fd406a5da775f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0c8dea4df6fb79d2439d8057b62cb43_JaffaCakes118
Size

202KB
Sample

240820-zl59jawfpp
MD5

b0c8dea4df6fb79d2439d8057b62cb43
SHA1

d54b74f054a601eb018a36ea3ff0c9043ed4bb63
SHA256

fa85e606133307d740d6f49a1f8006e9830f7cbc4da913ee7e7fd406a5da775f
SHA512

fe830e93aa1872a2043646c9bd17171e55fe072aad89a0aaf14cb957980974f67d4ebc4483b80b177f88bcc014c76f16eb342740424efb60a15735e4b7339178
SSDEEP

6144:KFP2x9+EkFBOg3S1/hHpa1ZYe0Es/YdDMZjnq4hy9F:K0+C3Hw1ZYe0Es/qMJq4Y9F

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b0c8dea4df6fb79d2439d8057b62cb43_JaffaCakes118
- Size
  
  202KB
- MD5
  
  b0c8dea4df6fb79d2439d8057b62cb43
- SHA1
  
  d54b74f054a601eb018a36ea3ff0c9043ed4bb63
- SHA256
  
  fa85e606133307d740d6f49a1f8006e9830f7cbc4da913ee7e7fd406a5da775f
- SHA512
  
  fe830e93aa1872a2043646c9bd17171e55fe072aad89a0aaf14cb957980974f67d4ebc4483b80b177f88bcc014c76f16eb342740424efb60a15735e4b7339178
- SSDEEP
  
  6144:KFP2x9+EkFBOg3S1/hHpa1ZYe0Es/YdDMZjnq4hy9F:K0+C3Hw1ZYe0Es/qMJq4Y9F
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2