96b0133138f1d9f6a22a8eb3cd70abc0ca6c9ae447db63b364f8affc518d9184 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa67f0f08e824e770c61da32167a71af_JaffaCakes118
Size

49KB
Sample

240927-pmrsessemk
MD5

fa67f0f08e824e770c61da32167a71af
SHA1

6b0c0864cff5d2276193987e84433df1429520e5
SHA256

96b0133138f1d9f6a22a8eb3cd70abc0ca6c9ae447db63b364f8affc518d9184
SHA512

83f0e090b6ae59507bab70b9fb977054c34d9f7512db56f67d206ded676fad04a09eeb84aa22c5b88c347d3e16eb9da20449e291dc9355f6a030266e1a51ebe5
SSDEEP

1536:rUqhmQrd4WYUrOd5/wsMyYLov+EQkrblEMENcE:ZmXW/Ww1yYLovyknlEMcV

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  fa67f0f08e824e770c61da32167a71af_JaffaCakes118
- Size
  
  49KB
- MD5
  
  fa67f0f08e824e770c61da32167a71af
- SHA1
  
  6b0c0864cff5d2276193987e84433df1429520e5
- SHA256
  
  96b0133138f1d9f6a22a8eb3cd70abc0ca6c9ae447db63b364f8affc518d9184
- SHA512
  
  83f0e090b6ae59507bab70b9fb977054c34d9f7512db56f67d206ded676fad04a09eeb84aa22c5b88c347d3e16eb9da20449e291dc9355f6a030266e1a51ebe5
- SSDEEP
  
  1536:rUqhmQrd4WYUrOd5/wsMyYLov+EQkrblEMENcE:ZmXW/Ww1yYLovyknlEMcV
Score

6^/10

discovery persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence