General
-
Target
b9d0103c6a268a8754fe5172088dcb12_JaffaCakes118
-
Size
460KB
-
Sample
240823-brbecayakg
-
MD5
b9d0103c6a268a8754fe5172088dcb12
-
SHA1
bac205941f691e8d5efa1ec583559aed9667ecf2
-
SHA256
c63b8ae4de61b1e7197b9b36785710f73b2274c8023c3584325be5d926f8290c
-
SHA512
3cd4d14bee3a40356a534b0d704c17c2c2edd02b266ce8ae96b616ea024d71b86f8a78c52d9a29ca9e8d3a65ba58ef958665a436e165e702a2ddf8cac9696bdd
-
SSDEEP
6144:ZYZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew2fPDZj:ZSNC80I+cR3R03Vse5fPDZ
Behavioral task
behavioral1
Sample
b9d0103c6a268a8754fe5172088dcb12_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b9d0103c6a268a8754fe5172088dcb12_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
b9d0103c6a268a8754fe5172088dcb12_JaffaCakes118
Score 10/10
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
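As an added example (not part of the sandbox report, and not code from the sandbox vendor): a small Python classifier that takes registry-write events of the kinds the signatures and ATT&CK rows above describe and maps each one to the matching signature name and technique ID. The report does not list which registry values this sample actually wrote, so the SAMPLE_EVENTS lines, the key paths used in them and the filename payload.exe are constructed for this example; only the key/value names the rules look for (Winlogon Shell/Userinit, Policies\System DisableRegistryTools/DisableTaskMgr, the Run/RunOnce keys) are the well-known locations for these techniques. The rules also encode the caveat a triage analyst needs: a write that merely restores the default Winlogon Shell (explorer.exe) or Userinit value, or sets a DisableTaskMgr policy to 0, is not flagged.

```python
import re
from typing import NamedTuple

# Hypothetical sandbox registry-write events, one per line as "key\value = data".
# Constructed for this example; they are NOT taken from the report above.
SAMPLE_EVENTS = [
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = explorer.exe,C:\Windows\System32\payload.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = 1",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = 1",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Windows\System32\payload.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = 2",
]


class Finding(NamedTuple):
    signature: str   # signature name as used in the report
    technique: str   # MITRE ATT&CK Enterprise technique ID
    key: str
    value: str
    data: str


# Well-known locations for the behaviours the report's signatures describe.
WINLOGON = r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$"
POLICIES = r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$"
RUN_KEY = r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$"


def _not_default_shell(data):
    # The default Shell is exactly "explorer.exe"; anything appended also runs at logon.
    return data.strip().lower() != "explorer.exe"


def _not_default_userinit(data):
    # Default is "C:\Windows\system32\userinit.exe," (note the trailing comma);
    # any extra comma-separated entry is a logon persistence hook.
    parts = [p.strip().lower() for p in data.split(",") if p.strip()]
    return parts != [r"c:\windows\system32\userinit.exe"]


def _truthy(data):
    # Policy values of 0 (or an empty write) re-enable the tool; only non-zero disables it.
    return data.strip() not in ("0", "")


# (key regex, value name or None for any value, report signature, technique, data predicate)
RULES = [
    (WINLOGON, "Shell", "Modifies WinLogon for persistence", "T1547.004", _not_default_shell),
    (WINLOGON, "Userinit", "Modifies WinLogon for persistence", "T1547.004", _not_default_userinit),
    (POLICIES, "DisableRegistryTools", "Disables RegEdit via registry modification", "T1112", _truthy),
    (POLICIES, "DisableTaskMgr", "Disables Task Manager via registry modification", "T1112", _truthy),
    (RUN_KEY, None, "Adds Run key to start application", "T1547.001", lambda data: True),
]


def parse_event(line):
    """Split 'HKxx\\key\\value = data' into (key, value, data)."""
    path, _, data = line.partition(" = ")
    key, _, value = path.rpartition("\\")
    return key, value, data


def classify(line):
    """Return every Finding that a single registry-write event triggers."""
    key, value, data = parse_event(line)
    findings = []
    for key_re, want_value, signature, technique, predicate in RULES:
        if not re.search(key_re, key, re.IGNORECASE):
            continue
        if want_value is not None and value.lower() != want_value.lower():
            continue
        if predicate(data):
            findings.append(Finding(signature, technique, key, value, data))
    return findings


def scan(events):
    """Classify a whole event list; benign writes simply yield no findings."""
    return [finding for line in events for finding in classify(line)]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.signature}: {f.key}\\{f.value} = {f.data}")
```

Run stand-alone it prints four findings for the constructed events (Winlogon Shell, the two policy values, and the Run key) and nothing for the Explorer\Advanced write, which is a normal user-preference change. Feeding it a real sandbox registry log would require only a parser for that log's line format in place of parse_event.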