b1e94799a6524af432cbea7a298af403551b2453d432b2307589fb2ec8dfbb3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd695c7d61141f28d3888edacbec731f_JaffaCakes118
Size

82KB
Sample

240929-acwlasvdkh
MD5

fd695c7d61141f28d3888edacbec731f
SHA1

3553c57bbd4e50631772039ee2bb443f3e74b03c
SHA256

b1e94799a6524af432cbea7a298af403551b2453d432b2307589fb2ec8dfbb3e
SHA512

0c2437c6a5fe0f7d018c646245fd3d19a928a87c0a61fb982663594edfc628d2b9416651a77cd14be9279d1066987b388b3d65b664882b4c360122110e291370
SSDEEP

1536:4aiqH1s+kCtrA2UMT0mTFibDKa1XE1g3vqY7:51B31bdBob2QXZvz

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  fd695c7d61141f28d3888edacbec731f_JaffaCakes118
- Size
  
  82KB
- MD5
  
  fd695c7d61141f28d3888edacbec731f
- SHA1
  
  3553c57bbd4e50631772039ee2bb443f3e74b03c
- SHA256
  
  b1e94799a6524af432cbea7a298af403551b2453d432b2307589fb2ec8dfbb3e
- SHA512
  
  0c2437c6a5fe0f7d018c646245fd3d19a928a87c0a61fb982663594edfc628d2b9416651a77cd14be9279d1066987b388b3d65b664882b4c360122110e291370
- SSDEEP
  
  1536:4aiqH1s+kCtrA2UMT0mTFibDKa1XE1g3vqY7:51B31bdBob2QXZvz
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence