055678ece559e043b45a48a74ad5650515dadf49e72159f68a42a425c0bff8b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c897ec8d06daab99bc2ecc2a5c8e4c62_JaffaCakes118
Size

250KB
Sample

240829-lvrwlsxdlk
MD5

c897ec8d06daab99bc2ecc2a5c8e4c62
SHA1

b74a6ba6c6d842999750069611a5ef361af49106
SHA256

055678ece559e043b45a48a74ad5650515dadf49e72159f68a42a425c0bff8b7
SHA512

9e6ae79046813d6cefe7e5a462d922d6ad51bb596763ac4afcadebb85fb858d7b02b462774c13217c2070fa834ff7c67f52206c1382cbad067a12a867c74c42b
SSDEEP

6144:ogIU/63FJS4j1CcSUngTpKeT0Oa3LnPI3DJ3F:ogIUy3FJB5COgTBT9ALPIzdF

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  c897ec8d06daab99bc2ecc2a5c8e4c62_JaffaCakes118
- Size
  
  250KB
- MD5
  
  c897ec8d06daab99bc2ecc2a5c8e4c62
- SHA1
  
  b74a6ba6c6d842999750069611a5ef361af49106
- SHA256
  
  055678ece559e043b45a48a74ad5650515dadf49e72159f68a42a425c0bff8b7
- SHA512
  
  9e6ae79046813d6cefe7e5a462d922d6ad51bb596763ac4afcadebb85fb858d7b02b462774c13217c2070fa834ff7c67f52206c1382cbad067a12a867c74c42b
- SSDEEP
  
  6144:ogIU/63FJS4j1CcSUngTpKeT0Oa3LnPI3DJ3F:ogIUy3FJB5COgTBT9ALPIzdF
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2