9be2b6d41b0cda5a9421db13232b83d7480471751c6be6907937f529d027935e | Triage

Sharing

General

Target

c27f3a3f6e135549b020de978f188f02_JaffaCakes118
Size

48KB
Sample

240826-hrha8a1cke
MD5

c27f3a3f6e135549b020de978f188f02
SHA1

31002066eae41d82a373404330be139db20f449d
SHA256

9be2b6d41b0cda5a9421db13232b83d7480471751c6be6907937f529d027935e
SHA512

bdd2e5d76edf6da5265f28bc8dc6d4299271898ff5c413f828ffaac3c90886be7ef2f9b6d93d22b6733194d254ea8bcb3b5bc6b7013ceb8e3466fa4812cfd631
SSDEEP

192:GrN1miRx8TeAOU190BBkxCQOXW8Vn3NLg5qPCVu1miRx8:wUTRyBbQiVnShVWU

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  c27f3a3f6e135549b020de978f188f02_JaffaCakes118
- Size
  
  48KB
- MD5
  
  c27f3a3f6e135549b020de978f188f02
- SHA1
  
  31002066eae41d82a373404330be139db20f449d
- SHA256
  
  9be2b6d41b0cda5a9421db13232b83d7480471751c6be6907937f529d027935e
- SHA512
  
  bdd2e5d76edf6da5265f28bc8dc6d4299271898ff5c413f828ffaac3c90886be7ef2f9b6d93d22b6733194d254ea8bcb3b5bc6b7013ceb8e3466fa4812cfd631
- SSDEEP
  
  192:GrN1miRx8TeAOU190BBkxCQOXW8Vn3NLg5qPCVu1miRx8:wUTRyBbQiVnShVWU
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence