c1585e301a7778d232a0eacad07dac423120be7e0534383d8b5508789e754d2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3bc614ec264fee8b83aaa5a7c345192_JaffaCakes118
Size

148KB
Sample

240908-g4qmpa1dpk
MD5

d3bc614ec264fee8b83aaa5a7c345192
SHA1

2143cc17c890426fa782d337338645c522f0a4be
SHA256

c1585e301a7778d232a0eacad07dac423120be7e0534383d8b5508789e754d2e
SHA512

e4cba22398881c7806735d1f280ca0b1b02826ea76c130d5b5e68976eab049ccff1a756314cca1ff3292689d9cad06d22a044b1d2e08b57f1c5b5699eac92aea
SSDEEP

1536:tdEdwck6vZ2rT1eCi9RDrLJHG0TNltvc5f4et0p+e85tVkh9oBybNsu2DKF:tprBO9hjTNjc14l+TthBVW

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d3bc614ec264fee8b83aaa5a7c345192_JaffaCakes118
- Size
  
  148KB
- MD5
  
  d3bc614ec264fee8b83aaa5a7c345192
- SHA1
  
  2143cc17c890426fa782d337338645c522f0a4be
- SHA256
  
  c1585e301a7778d232a0eacad07dac423120be7e0534383d8b5508789e754d2e
- SHA512
  
  e4cba22398881c7806735d1f280ca0b1b02826ea76c130d5b5e68976eab049ccff1a756314cca1ff3292689d9cad06d22a044b1d2e08b57f1c5b5699eac92aea
- SSDEEP
  
  1536:tdEdwck6vZ2rT1eCi9RDrLJHG0TNltvc5f4et0p+e85tVkh9oBybNsu2DKF:tprBO9hjTNjc14l+TthBVW
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2