64817c286543b13c5d4dd05d9208be11706407e251783cc97d6990fc8db4799d | Triage

Sharing

General

Target

ece505b2521427267e15c35990235120_JaffaCakes118
Size

290KB
Sample

240920-fq5c9azhpm
MD5

ece505b2521427267e15c35990235120
SHA1

eb04fae3858b963cadb0551ab6220c585f6433ba
SHA256

64817c286543b13c5d4dd05d9208be11706407e251783cc97d6990fc8db4799d
SHA512

b62433235fb4f8e0b70b0bdab7182eaf7ebb526ed39c5509aee867695bc1309c1bb3563dd4750f833ef9cf454ce9bc3368453caad719f0543dde0fef83ebb4a6
SSDEEP

6144:yEsNEdNdh2H0+k8yVvlJ81QDqpvJmtClqEZR3sDcHD:Wsf2UUyVn8+qFJzsQ34cj

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ece505b2521427267e15c35990235120_JaffaCakes118
- Size
  
  290KB
- MD5
  
  ece505b2521427267e15c35990235120
- SHA1
  
  eb04fae3858b963cadb0551ab6220c585f6433ba
- SHA256
  
  64817c286543b13c5d4dd05d9208be11706407e251783cc97d6990fc8db4799d
- SHA512
  
  b62433235fb4f8e0b70b0bdab7182eaf7ebb526ed39c5509aee867695bc1309c1bb3563dd4750f833ef9cf454ce9bc3368453caad719f0543dde0fef83ebb4a6
- SSDEEP
  
  6144:yEsNEdNdh2H0+k8yVvlJ81QDqpvJmtClqEZR3sDcHD:Wsf2UUyVn8+qFJzsQ34cj
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence