4d49e580a487e3442735a0dd1e98d1c48c9c5921053889b4d7c900c813672799 | Triage

Sharing

General

Target

edae221e2e7cd186901458e3f722b2e9_JaffaCakes118
Size

104KB
Sample

240920-qnmqjayclg
MD5

edae221e2e7cd186901458e3f722b2e9
SHA1

9a3ffc6e56758d5810d0296697b12185885b21c9
SHA256

4d49e580a487e3442735a0dd1e98d1c48c9c5921053889b4d7c900c813672799
SHA512

8df1a69d6aeb4011e39ed636655cba9a5626ccef28ce9afdef7482c1d6027d76b1f04cc0a07685a8e6d64f75ee9155b971f6e66d57f3861ea1fd8d7c100b821b
SSDEEP

3072:X1B31bdBob2QXpEEeJiI2EcVwSk5YXTf7TEZd:X731bdBaBSERVLk5kAd

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  edae221e2e7cd186901458e3f722b2e9_JaffaCakes118
- Size
  
  104KB
- MD5
  
  edae221e2e7cd186901458e3f722b2e9
- SHA1
  
  9a3ffc6e56758d5810d0296697b12185885b21c9
- SHA256
  
  4d49e580a487e3442735a0dd1e98d1c48c9c5921053889b4d7c900c813672799
- SHA512
  
  8df1a69d6aeb4011e39ed636655cba9a5626ccef28ce9afdef7482c1d6027d76b1f04cc0a07685a8e6d64f75ee9155b971f6e66d57f3861ea1fd8d7c100b821b
- SSDEEP
  
  3072:X1B31bdBob2QXpEEeJiI2EcVwSk5YXTf7TEZd:X731bdBaBSERVLk5kAd
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence