General
Target: ecbc296248dbedd0f4cc1ca700c0ff40_JaffaCakes118
Size: 80KB
Sample: 240920-drzhaawala
MD5: ecbc296248dbedd0f4cc1ca700c0ff40
SHA1: 3cdf52549cae5562106f9358f415f6dce6674109
SHA256: a684bf5c2b0af22c167912c5dacedaa1f6c47f355bc6189b3bbd6a1ee33efad2
SHA512: c5a510102d9692497841f0c8542e86770941fce1a4a908af2ce88e666f1c6f7d7276df1ae443c1acb11997f8437bb37a01b525b924d9e25c98427f3a36a270bc
SSDEEP: 1536:7xkM4pmRE3aciANIaaMtJSxehaZC3Q9aoYYD:7m1IaasJSxehaZC3Q9aoYo
Static task: static1
Behavioral task: behavioral1
  Sample: ecbc296248dbedd0f4cc1ca700c0ff40_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ecbc296248dbedd0f4cc1ca700c0ff40_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ecbc296248dbedd0f4cc1ca700c0ff40_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Modifies firewall policy service
Adds Run key to start application
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)