3bfaf6dc192dae31c373f2c37bc28f1ceff53fc1f12ae2c5862b21ed955f0179 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06408e9077d924ec4adeb2af5f64ad60_JaffaCakes118
Size

72KB
Sample

241001-r8agdavenl
MD5

06408e9077d924ec4adeb2af5f64ad60
SHA1

fd23e39ec6c3ad8090e77ea41042a9d74e6be869
SHA256

3bfaf6dc192dae31c373f2c37bc28f1ceff53fc1f12ae2c5862b21ed955f0179
SHA512

8d51ec5953dd59c3ad96838fdbc1af766ee1b9bcc3e8f888e694409a9fce4b7d7edacd28d7846ba2a4d72ff32bd82499cab07e9e951988741bfaa25656c28063
SSDEEP

768:HPOIJa8oy0qNksF/4VBn/KXvB2gwx0ov2uhR4dFC4tsOKMue7kTt/243TdKLJ1Ma:10em/42gw+M4dFnthKBR/dTW71wU

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  06408e9077d924ec4adeb2af5f64ad60_JaffaCakes118
- Size
  
  72KB
- MD5
  
  06408e9077d924ec4adeb2af5f64ad60
- SHA1
  
  fd23e39ec6c3ad8090e77ea41042a9d74e6be869
- SHA256
  
  3bfaf6dc192dae31c373f2c37bc28f1ceff53fc1f12ae2c5862b21ed955f0179
- SHA512
  
  8d51ec5953dd59c3ad96838fdbc1af766ee1b9bcc3e8f888e694409a9fce4b7d7edacd28d7846ba2a4d72ff32bd82499cab07e9e951988741bfaa25656c28063
- SSDEEP
  
  768:HPOIJa8oy0qNksF/4VBn/KXvB2gwx0ov2uhR4dFC4tsOKMue7kTt/243TdKLJ1Ma:10em/42gw+M4dFnthKBR/dTW71wU
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2