fd0e493f5ff0d89c04aed4bdf1baaaf31fcf33dfc549cf468829b4c0cadd3a45 | Triage

Sharing

General

Target

d0c0e53a61c773d2c8fa5785c0ce1142_JaffaCakes118
Size

228KB
Sample

240907-a8k5fawfqg
MD5

d0c0e53a61c773d2c8fa5785c0ce1142
SHA1

5c6126811d8ced568518360e7cd2f169ea7749b1
SHA256

fd0e493f5ff0d89c04aed4bdf1baaaf31fcf33dfc549cf468829b4c0cadd3a45
SHA512

fb5cf718d22a93808facaa18b64431f25b62d869f238cd95d5d4b1839f747765e69f43e19103a7bc0c50404b06decb68605f1d60588ed4e8b490ac6c11697e50
SSDEEP

6144:z5rMoSPvysMuuTlSy2fNBAtTAn0LHzSx8cG:z5goEs/hR8NEcnEmx83

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d0c0e53a61c773d2c8fa5785c0ce1142_JaffaCakes118
- Size
  
  228KB
- MD5
  
  d0c0e53a61c773d2c8fa5785c0ce1142
- SHA1
  
  5c6126811d8ced568518360e7cd2f169ea7749b1
- SHA256
  
  fd0e493f5ff0d89c04aed4bdf1baaaf31fcf33dfc549cf468829b4c0cadd3a45
- SHA512
  
  fb5cf718d22a93808facaa18b64431f25b62d869f238cd95d5d4b1839f747765e69f43e19103a7bc0c50404b06decb68605f1d60588ed4e8b490ac6c11697e50
- SSDEEP
  
  6144:z5rMoSPvysMuuTlSy2fNBAtTAn0LHzSx8cG:z5goEs/hR8NEcnEmx83
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence