a24612ef3031b5253d0b28b31fd2ded73c32885131fade434e069d0fe0f20ef8 | Triage

Sharing

General

Target

267cf62f10625f64f8fd7310c9c4fbab_JaffaCakes118
Size

45KB
Sample

241008-2hxjbstgpl
MD5

267cf62f10625f64f8fd7310c9c4fbab
SHA1

b35ab0d3d2c8944ec3ca6fa99af9d0cb458c6333
SHA256

a24612ef3031b5253d0b28b31fd2ded73c32885131fade434e069d0fe0f20ef8
SHA512

ed9a96cc852436f79b5434a2e2fef8644468281bd36b81b891182ac0ed16fdb0cd5014295d1214c5203142479d496c4cdd67cf9f83fb1556b9d1d61947200103
SSDEEP

192:6cNhCefrVvNzFCTr312vkWl92NGossJ608vp:68HfrVFaZ3i2MosK6dB

Score

10^/10

defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  267cf62f10625f64f8fd7310c9c4fbab_JaffaCakes118
- Size
  
  45KB
- MD5
  
  267cf62f10625f64f8fd7310c9c4fbab
- SHA1
  
  b35ab0d3d2c8944ec3ca6fa99af9d0cb458c6333
- SHA256
  
  a24612ef3031b5253d0b28b31fd2ded73c32885131fade434e069d0fe0f20ef8
- SHA512
  
  ed9a96cc852436f79b5434a2e2fef8644468281bd36b81b891182ac0ed16fdb0cd5014295d1214c5203142479d496c4cdd67cf9f83fb1556b9d1d61947200103
- SSDEEP
  
  192:6cNhCefrVvNzFCTr312vkWl92NGossJ608vp:68HfrVFaZ3i2MosK6dB
Score

10^/10

defense_evasion discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoverypersistence