f908292a20405e060595e9a0447e897b04d2da21b4dd1b9878322463439e9b09 | Triage

Sharing

General

Target

ff2c87c458cecdf0ff84ed2cc6f01fe9_JaffaCakes118
Size

244KB
Sample

240929-xnn2xswelj
MD5

ff2c87c458cecdf0ff84ed2cc6f01fe9
SHA1

fe5191103e09af59fbf8a001911d227f067b0c4e
SHA256

f908292a20405e060595e9a0447e897b04d2da21b4dd1b9878322463439e9b09
SHA512

57d6324af7cb162f7624742c8b2ae9ea5f85582f9420034f105a28f3b5d2135d574192ce01607cb55bc68a82fed86e9a201b560a2f701df0236c0a6fad4ad7fc
SSDEEP

3072:fn1zwLyYuAXyeaTFbkEg1Qp1o1zwLvKAP3G9:fn1zNWUZbkFQp1o1zmPa

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ff2c87c458cecdf0ff84ed2cc6f01fe9_JaffaCakes118
- Size
  
  244KB
- MD5
  
  ff2c87c458cecdf0ff84ed2cc6f01fe9
- SHA1
  
  fe5191103e09af59fbf8a001911d227f067b0c4e
- SHA256
  
  f908292a20405e060595e9a0447e897b04d2da21b4dd1b9878322463439e9b09
- SHA512
  
  57d6324af7cb162f7624742c8b2ae9ea5f85582f9420034f105a28f3b5d2135d574192ce01607cb55bc68a82fed86e9a201b560a2f701df0236c0a6fad4ad7fc
- SSDEEP
  
  3072:fn1zwLyYuAXyeaTFbkEg1Qp1o1zwLvKAP3G9:fn1zNWUZbkFQp1o1zmPa
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence