307d3dbae6223480b606a2b0666a12bfcfaf05a0e3007e80a9ed7b72e776b629 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa98648c76ee5d7074d7ebcf1ea7f03e_JaffaCakes118
Size

178KB
Sample

240927-r5amzaxdnk
MD5

fa98648c76ee5d7074d7ebcf1ea7f03e
SHA1

e57ae729520d60ffe607cf4859d47f5347a4df11
SHA256

307d3dbae6223480b606a2b0666a12bfcfaf05a0e3007e80a9ed7b72e776b629
SHA512

9a58297bc6aab17ac2c19f16e5a3568a34c406359fb0ca1ff79cea686ca7c5e7b5c8442f7c8050e79e7ab2617f37c20ead9e6e26f4d10dc138d91048cab555d5
SSDEEP

3072:hmqOD6ZcNFnRa1qzh0pKw0Vm3rigZ5S4Nfih+E8LPpxNCfAM00oVRziFLi:hE6ZMnh0UN43dWmiAE8LPpSfAM00ye

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  fa98648c76ee5d7074d7ebcf1ea7f03e_JaffaCakes118
- Size
  
  178KB
- MD5
  
  fa98648c76ee5d7074d7ebcf1ea7f03e
- SHA1
  
  e57ae729520d60ffe607cf4859d47f5347a4df11
- SHA256
  
  307d3dbae6223480b606a2b0666a12bfcfaf05a0e3007e80a9ed7b72e776b629
- SHA512
  
  9a58297bc6aab17ac2c19f16e5a3568a34c406359fb0ca1ff79cea686ca7c5e7b5c8442f7c8050e79e7ab2617f37c20ead9e6e26f4d10dc138d91048cab555d5
- SSDEEP
  
  3072:hmqOD6ZcNFnRa1qzh0pKw0Vm3rigZ5S4Nfih+E8LPpxNCfAM00oVRziFLi:hE6ZMnh0UN43dWmiAE8LPpSfAM00ye
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2