General
-
Target
ef286de7cc4cdf261f45669400d8b9ea_JaffaCakes118
-
Size
1.9MB
-
Sample
240921-ga17bsxdnk
-
MD5
ef286de7cc4cdf261f45669400d8b9ea
-
SHA1
8ce1800685e6607de8d78d452b2649de499fc8aa
-
SHA256
91dea9e5ea612fad4f5282a698464a35ed803651ed6e901ac8998ca8566352b2
-
SHA512
a98fb9cc326c2047ad9104083e2b981df0ba8396a58c29ac54a67064df3172ef50e2dee9da5ed1c1bfec3c6e19d9451a00be232e174b3c6c7d513da31e07df46
-
SSDEEP
12288:D/FhCcImvdsFa2I9x81fq0uKVMDkidwC7x4khdxJjnDAD6TtptS7ZO8jSVCDI:+aj9x8xq5KvqzXxJdT47ZxSVCDI
Malware Config
Targets
-
-
Target
ef286de7cc4cdf261f45669400d8b9ea_JaffaCakes118
-
Size
1.9MB
-
MD5
ef286de7cc4cdf261f45669400d8b9ea
-
SHA1
8ce1800685e6607de8d78d452b2649de499fc8aa
-
SHA256
91dea9e5ea612fad4f5282a698464a35ed803651ed6e901ac8998ca8566352b2
-
SHA512
a98fb9cc326c2047ad9104083e2b981df0ba8396a58c29ac54a67064df3172ef50e2dee9da5ed1c1bfec3c6e19d9451a00be232e174b3c6c7d513da31e07df46
-
SSDEEP
12288:D/FhCcImvdsFa2I9x81fq0uKVMDkidwC7x4khdxJjnDAD6TtptS7ZO8jSVCDI:+aj9x8xq5KvqzXxJdT47ZxSVCDI
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Modifies WinLogon
-
Network Share Discovery
Attempt to gather information on host network.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Privilege Escalation
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2