e7b4390cb8c5d67d82f136d47041806c154809300506442f90508d358baf0f4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5de7a27b222191e778a605d7c71bc28_JaffaCakes118
Size

220KB
Sample

240925-m6lpeavfja
MD5

f5de7a27b222191e778a605d7c71bc28
SHA1

6f7d05e176160245d99c801465d2721b7da234e6
SHA256

e7b4390cb8c5d67d82f136d47041806c154809300506442f90508d358baf0f4a
SHA512

4317d9eb403c24142cd65316852c87bf614a6a9d5e94987bf65ee941d5eb7874fa77e4a2159539162ab7f99d9d3f5278ddb37fdd1e098ea59f17e5a97de605ce
SSDEEP

3072:JhG4UPS/JwAJeLdUXxRh8cO23RlbVqUCNiLeW33yITZos6iAef:JYGyAgLdUgYVq9o33yUZv6i

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  f5de7a27b222191e778a605d7c71bc28_JaffaCakes118
- Size
  
  220KB
- MD5
  
  f5de7a27b222191e778a605d7c71bc28
- SHA1
  
  6f7d05e176160245d99c801465d2721b7da234e6
- SHA256
  
  e7b4390cb8c5d67d82f136d47041806c154809300506442f90508d358baf0f4a
- SHA512
  
  4317d9eb403c24142cd65316852c87bf614a6a9d5e94987bf65ee941d5eb7874fa77e4a2159539162ab7f99d9d3f5278ddb37fdd1e098ea59f17e5a97de605ce
- SSDEEP
  
  3072:JhG4UPS/JwAJeLdUXxRh8cO23RlbVqUCNiLeW33yITZos6iAef:JYGyAgLdUgYVq9o33yUZv6i
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence