c313c1fc068afaed6f32c5d3960a3c4a5385652cb283ba429c8b3bcc6b927cb3 | Triage

Sharing

General

Target

edae7e5df1de5a6f3c030215a97cecf6_JaffaCakes118
Size

134KB
Sample

240920-qpaglaycpb
MD5

edae7e5df1de5a6f3c030215a97cecf6
SHA1

0f4c87b2fd9d9476a09d9b8fa44c16e680ca8e3d
SHA256

c313c1fc068afaed6f32c5d3960a3c4a5385652cb283ba429c8b3bcc6b927cb3
SHA512

ef39f018d2843e2a13f646a156ee4bf31b5c0daf74df5c25344b663cae558214dbcea1181a7ddea0a2168d85adc66bea93d9c7ad5b98721d3d41ec410cfddb23
SSDEEP

3072:kUGTaiwM7tFOiWgU9oiZthCg+A713/NPvZWAu6+NBF9:kp+51vNPhWAu6+NV

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  edae7e5df1de5a6f3c030215a97cecf6_JaffaCakes118
- Size
  
  134KB
- MD5
  
  edae7e5df1de5a6f3c030215a97cecf6
- SHA1
  
  0f4c87b2fd9d9476a09d9b8fa44c16e680ca8e3d
- SHA256
  
  c313c1fc068afaed6f32c5d3960a3c4a5385652cb283ba429c8b3bcc6b927cb3
- SHA512
  
  ef39f018d2843e2a13f646a156ee4bf31b5c0daf74df5c25344b663cae558214dbcea1181a7ddea0a2168d85adc66bea93d9c7ad5b98721d3d41ec410cfddb23
- SSDEEP
  
  3072:kUGTaiwM7tFOiWgU9oiZthCg+A713/NPvZWAu6+NBF9:kp+51vNPhWAu6+NV
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence