8195dd38f4a9b510fe2c53fc4643a42d456ee59325c576350206273daaabdaee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1cd7334725e1848e2a421703572b5de_JaffaCakes118
Size

242KB
Sample

240915-gat31sybrq
MD5

e1cd7334725e1848e2a421703572b5de
SHA1

ee5565e8511dd50fd9fd6ab7ea80a8a0c4fb1053
SHA256

8195dd38f4a9b510fe2c53fc4643a42d456ee59325c576350206273daaabdaee
SHA512

86af7425c6da4ba73976b7163dcd428e93cafe173e25c338a616c51fa5feedbadc6e6f83610fe6e83bd99240834fc443ef7e7a1adc0fee9d0ade6aacdbb43734
SSDEEP

3072:8Oe1+Z8MBpkbfsblBxIQRDMIdm7exvUrgJ+nW/PZV/KeL99ZL3aHgHbqRKT/JkTb:W1AnzblBp7jovwPPJ9MHiMe/JkGwLRT

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  e1cd7334725e1848e2a421703572b5de_JaffaCakes118
- Size
  
  242KB
- MD5
  
  e1cd7334725e1848e2a421703572b5de
- SHA1
  
  ee5565e8511dd50fd9fd6ab7ea80a8a0c4fb1053
- SHA256
  
  8195dd38f4a9b510fe2c53fc4643a42d456ee59325c576350206273daaabdaee
- SHA512
  
  86af7425c6da4ba73976b7163dcd428e93cafe173e25c338a616c51fa5feedbadc6e6f83610fe6e83bd99240834fc443ef7e7a1adc0fee9d0ade6aacdbb43734
- SSDEEP
  
  3072:8Oe1+Z8MBpkbfsblBxIQRDMIdm7exvUrgJ+nW/PZV/KeL99ZL3aHgHbqRKT/JkTb:W1AnzblBp7jovwPPJ9MHiMe/JkGwLRT
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2