b361367f2a5814df99c9edaf4a3708df8192c1e0f306e880748ddfb2ccdc82ae | Triage

Sharing

General

Target

ef54d968a0cd250e3ffd74ba96d62200_JaffaCakes118
Size

49KB
Sample

240921-jebtca1enb
MD5

ef54d968a0cd250e3ffd74ba96d62200
SHA1

d43ec176ebd8612a57ce33100f61a893f8b214d9
SHA256

b361367f2a5814df99c9edaf4a3708df8192c1e0f306e880748ddfb2ccdc82ae
SHA512

f5738d4f9d7612d64a7e07a22b2acb9d8e77a3f9de19de40da5829e8c4ffb5484dd3be832d946bc75d2e44a7ef39ef09676a85e6b069d8339610648892bf5beb
SSDEEP

768:lZw4xtXVvExAYlPxGMO2FtDBe0ZeW+FKhHQdomhTOW1r8RNKfKP2Z4EvB1piqnVc:lZw4xpV8xBl5TFreUevIS7o6dZ4U

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ef54d968a0cd250e3ffd74ba96d62200_JaffaCakes118
- Size
  
  49KB
- MD5
  
  ef54d968a0cd250e3ffd74ba96d62200
- SHA1
  
  d43ec176ebd8612a57ce33100f61a893f8b214d9
- SHA256
  
  b361367f2a5814df99c9edaf4a3708df8192c1e0f306e880748ddfb2ccdc82ae
- SHA512
  
  f5738d4f9d7612d64a7e07a22b2acb9d8e77a3f9de19de40da5829e8c4ffb5484dd3be832d946bc75d2e44a7ef39ef09676a85e6b069d8339610648892bf5beb
- SSDEEP
  
  768:lZw4xtXVvExAYlPxGMO2FtDBe0ZeW+FKhHQdomhTOW1r8RNKfKP2Z4EvB1piqnVc:lZw4xpV8xBl5TFreUevIS7o6dZ4U
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence