2311862310b3d507c613cfb736f41b1bcacb63aace2ef0856d94e09e8aa99398 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29806c7d2b9aa74ff661b3ec9b193522_JaffaCakes118
Size

276KB
Sample

241009-db9y3sxakk
MD5

29806c7d2b9aa74ff661b3ec9b193522
SHA1

0948b4551390106bea8a5d0f5fb3f8bc6c0986fc
SHA256

2311862310b3d507c613cfb736f41b1bcacb63aace2ef0856d94e09e8aa99398
SHA512

89b179ec11bc12f8d3f8ce515caada1eaa5b0a6e4983bde77d06c86b6255f9d2a082b00f3f5f1bd1c9a4aba2e57dc9f1762b9f5262067ba81bdf918e8db56561
SSDEEP

6144:BS/8blfrNe/m98ixGx1TDnhpzKrHnbGiVyZF3/CAWEeWp:BS/8btrisYTDnh9K8WP0

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  29806c7d2b9aa74ff661b3ec9b193522_JaffaCakes118
- Size
  
  276KB
- MD5
  
  29806c7d2b9aa74ff661b3ec9b193522
- SHA1
  
  0948b4551390106bea8a5d0f5fb3f8bc6c0986fc
- SHA256
  
  2311862310b3d507c613cfb736f41b1bcacb63aace2ef0856d94e09e8aa99398
- SHA512
  
  89b179ec11bc12f8d3f8ce515caada1eaa5b0a6e4983bde77d06c86b6255f9d2a082b00f3f5f1bd1c9a4aba2e57dc9f1762b9f5262067ba81bdf918e8db56561
- SSDEEP
  
  6144:BS/8blfrNe/m98ixGx1TDnhpzKrHnbGiVyZF3/CAWEeWp:BS/8btrisYTDnh9K8WP0
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence