878d83d2bd0d92dcaaf8becb3c8147173014edc5fe78198c2e62afd5f155fa48 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe7ca97ea2574a68f61db8055b0603e0_JaffaCakes118
Size

240KB
Sample

240929-n7t8lstdkn
MD5

fe7ca97ea2574a68f61db8055b0603e0
SHA1

dd06423c67e681d3307c94184585647f2ec68756
SHA256

878d83d2bd0d92dcaaf8becb3c8147173014edc5fe78198c2e62afd5f155fa48
SHA512

6c8544de3cee37736a30d94e7497abf2571be7965fca2c1572f7bd0e23aeb7489951ce52ea8d261bd3c66048268cd6ff26541ccbe94945e32dac218d9f7b5bbe
SSDEEP

6144:hDCvbKgs/hLVr8awjKsEz4AhO3Jlc5VS7cq3Z:Qvbv6LVQez4AU5lcrSY

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  fe7ca97ea2574a68f61db8055b0603e0_JaffaCakes118
- Size
  
  240KB
- MD5
  
  fe7ca97ea2574a68f61db8055b0603e0
- SHA1
  
  dd06423c67e681d3307c94184585647f2ec68756
- SHA256
  
  878d83d2bd0d92dcaaf8becb3c8147173014edc5fe78198c2e62afd5f155fa48
- SHA512
  
  6c8544de3cee37736a30d94e7497abf2571be7965fca2c1572f7bd0e23aeb7489951ce52ea8d261bd3c66048268cd6ff26541ccbe94945e32dac218d9f7b5bbe
- SSDEEP
  
  6144:hDCvbKgs/hLVr8awjKsEz4AhO3Jlc5VS7cq3Z:Qvbv6LVQez4AU5lcrSY
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence