bd08a1e59d76cc8b55e87c98a4222bd37c4c0eb0cf06de0a661f290c0009846c | Triage

Sharing

General

Target

ed6ada43eecc1118586902552d95edb6_JaffaCakes118
Size

21KB
Sample

240920-mt5lrascnh
MD5

ed6ada43eecc1118586902552d95edb6
SHA1

cf86132fd0a233f4149fcc4d127b577d8ccf116f
SHA256

bd08a1e59d76cc8b55e87c98a4222bd37c4c0eb0cf06de0a661f290c0009846c
SHA512

0ddcc83213ae84fa6ad928ea58c20ef663d3cc08efb140e73f0026193548cbfd0ef975e3024700818e6de3b007e5046703bb1022eb0fcc2e11588bfb69dd2a62
SSDEEP

384:tawTsDAQtd7rBBreZ/MtKJU+X3bjRdaNcokAfm44PnIBWjz7wrVXK/QGCvKOMjCN:tawQU69+rm+nbjRno7mvIBWjSpnGCCaj

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ed6ada43eecc1118586902552d95edb6_JaffaCakes118
- Size
  
  21KB
- MD5
  
  ed6ada43eecc1118586902552d95edb6
- SHA1
  
  cf86132fd0a233f4149fcc4d127b577d8ccf116f
- SHA256
  
  bd08a1e59d76cc8b55e87c98a4222bd37c4c0eb0cf06de0a661f290c0009846c
- SHA512
  
  0ddcc83213ae84fa6ad928ea58c20ef663d3cc08efb140e73f0026193548cbfd0ef975e3024700818e6de3b007e5046703bb1022eb0fcc2e11588bfb69dd2a62
- SSDEEP
  
  384:tawTsDAQtd7rBBreZ/MtKJU+X3bjRdaNcokAfm44PnIBWjz7wrVXK/QGCvKOMjCN:tawQU69+rm+nbjRno7mvIBWjSpnGCCaj
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence