06c152def9ea1e556248468a63d950dcfc72042f44aed02cf6bd083c0928e622 | Triage

Sharing

General

Target

cf6d84ba47c1567992a6dc583549964f_JaffaCakes118
Size

161KB
Sample

240906-nel2jatbnn
MD5

cf6d84ba47c1567992a6dc583549964f
SHA1

cedaf2727a293e6f076e5b99544b8a46f31eae83
SHA256

06c152def9ea1e556248468a63d950dcfc72042f44aed02cf6bd083c0928e622
SHA512

99b333bd4590170b43aa62848c40fc2204196b524c9134000e9c72d94ae5269df9c43d8a83a20d41fb66e913aeae99612d08ef9dcbbeba9bc3a5fcbcfb8a6f4f
SSDEEP

3072:RxUYKciBwMzodoXkbxKq+jXp/Wysw3o2rE1Mx60hbzqfRPXnOluqwu:sTBwM0pbvUCw3u1MxvzqfVelu5u

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  cf6d84ba47c1567992a6dc583549964f_JaffaCakes118
- Size
  
  161KB
- MD5
  
  cf6d84ba47c1567992a6dc583549964f
- SHA1
  
  cedaf2727a293e6f076e5b99544b8a46f31eae83
- SHA256
  
  06c152def9ea1e556248468a63d950dcfc72042f44aed02cf6bd083c0928e622
- SHA512
  
  99b333bd4590170b43aa62848c40fc2204196b524c9134000e9c72d94ae5269df9c43d8a83a20d41fb66e913aeae99612d08ef9dcbbeba9bc3a5fcbcfb8a6f4f
- SSDEEP
  
  3072:RxUYKciBwMzodoXkbxKq+jXp/Wysw3o2rE1Mx60hbzqfRPXnOluqwu:sTBwM0pbvUCw3u1MxvzqfVelu5u
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence