General
-
Target
d28c4e16057282d82489479a6e3b256f_JaffaCakes118
-
Size
671KB
-
Sample
240907-wtvwzsxclp
-
MD5
d28c4e16057282d82489479a6e3b256f
-
SHA1
1bf5d9be60c03b5822c3415be45de46da787cacb
-
SHA256
ad849e1e9a804e98be2ab2a5df54552ea872c98d126c3a8da7b49d4fb7c7aaa4
-
SHA512
23b7eb55bdacbddf7bdf90598e9e9fdbdad04d2f03a601d11a376f345f4a762bbf26da5f36e560fa4dd476a5ec46f8f4da565e54c6bd493251c80af42b8eee81
-
SSDEEP
12288:YaWzgMg7v3qnCiMErQohh0F4CCJ8lnyC8IPAhhpZC:PaHMv6CorjqnyC8IgtC
Malware Config
Targets
-
-
Target
d28c4e16057282d82489479a6e3b256f_JaffaCakes118
-
Size
671KB
-
MD5
d28c4e16057282d82489479a6e3b256f
-
SHA1
1bf5d9be60c03b5822c3415be45de46da787cacb
-
SHA256
ad849e1e9a804e98be2ab2a5df54552ea872c98d126c3a8da7b49d4fb7c7aaa4
-
SHA512
23b7eb55bdacbddf7bdf90598e9e9fdbdad04d2f03a601d11a376f345f4a762bbf26da5f36e560fa4dd476a5ec46f8f4da565e54c6bd493251c80af42b8eee81
-
SSDEEP
12288:YaWzgMg7v3qnCiMErQohh0F4CCJ8lnyC8IPAhhpZC:PaHMv6CorjqnyC8IgtC
Score9/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Remote Service Session Hijacking: RDP Hijacking
Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.
-
Modifies WinLogon
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Hide Artifacts: Hidden Users
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Privilege Escalation
Account Manipulation
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1