80c758780ae78913a6f465fa256f1190372c70319fd819f891dc9e992893ad6e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0e4c6ae4f57a8d6c054708f19fdbbfa_JaffaCakes118
Size

186KB
Sample

240907-c1fabs1crc
MD5

d0e4c6ae4f57a8d6c054708f19fdbbfa
SHA1

c660e2a461c7ec03a9045d0278274b989214fff1
SHA256

80c758780ae78913a6f465fa256f1190372c70319fd819f891dc9e992893ad6e
SHA512

50585aee405d0a4add16134f26cbc141d9f1893c9192970aada6d988a8d62541814db090e4adc55e41aacc0f0933ced73df94c4a52561abbd6f702bb4033e89f
SSDEEP

3072:4CT0KADLCIkiTAcDRnDnNOZcLymcYf4PaJo2N1/qYiO9PS4eUjcO8xQY+udw5oTY:PTq6diTAwnDnnLkYgSDNtPiO9PvXvSwn

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d0e4c6ae4f57a8d6c054708f19fdbbfa_JaffaCakes118
- Size
  
  186KB
- MD5
  
  d0e4c6ae4f57a8d6c054708f19fdbbfa
- SHA1
  
  c660e2a461c7ec03a9045d0278274b989214fff1
- SHA256
  
  80c758780ae78913a6f465fa256f1190372c70319fd819f891dc9e992893ad6e
- SHA512
  
  50585aee405d0a4add16134f26cbc141d9f1893c9192970aada6d988a8d62541814db090e4adc55e41aacc0f0933ced73df94c4a52561abbd6f702bb4033e89f
- SSDEEP
  
  3072:4CT0KADLCIkiTAcDRnDnNOZcLymcYf4PaJo2N1/qYiO9PS4eUjcO8xQY+udw5oTY:PTq6diTAwnDnnLkYgSDNtPiO9PvXvSwn
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence