General
-
Target
d21e33e881197fee45f7546fd3483054_JaffaCakes118
-
Size
784KB
-
Sample
240907-rhdfcaxgnm
-
MD5
d21e33e881197fee45f7546fd3483054
-
SHA1
1a9bd2a1c5cbead86412a3cbb64298b6bff211db
-
SHA256
6d709ed83e2b24754e163b52686909dcaa73c0976b6b05ee4999336b6e485f65
-
SHA512
c33bef40995abad65f0e4beddda3b8093b37a69642870ffb499e232e587bcb268485694bde1941078567204f6bfb185ec09ea3889d7836595b5e5a58ddd75cf8
-
SSDEEP
12288:oEWHD328xWchurYu1GGfRcGC34e6gdooa:oEoD9xorY9GfRTC34dVoa
Malware Config
Targets
-
-
Target
d21e33e881197fee45f7546fd3483054_JaffaCakes118
-
Size
784KB
-
MD5
d21e33e881197fee45f7546fd3483054
-
SHA1
1a9bd2a1c5cbead86412a3cbb64298b6bff211db
-
SHA256
6d709ed83e2b24754e163b52686909dcaa73c0976b6b05ee4999336b6e485f65
-
SHA512
c33bef40995abad65f0e4beddda3b8093b37a69642870ffb499e232e587bcb268485694bde1941078567204f6bfb185ec09ea3889d7836595b5e5a58ddd75cf8
-
SSDEEP
12288:oEWHD328xWchurYu1GGfRcGC34e6gdooa:oEoD9xorY9GfRTC34dVoa
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2