General
-
Target
2d69c26f2c2c775fa596b9396f298c17_JaffaCakes118
-
Size
184KB
-
Sample
241009-jj9aeazakc
-
MD5
2d69c26f2c2c775fa596b9396f298c17
-
SHA1
22d2c6985013b87e937a32e22260b9173c2dcbec
-
SHA256
cb4c085a27836930fd14145fe614f91e7fcd10970cc94a6a3cb690f746c8990d
-
SHA512
79a8147234711e5f6873d9ce73672f0842a618368ce35cf01772126a44979110f55108e2bc49dfb6fab191b8689c1df3fb21a6b4a1ede08e24764420cd024885
-
SSDEEP
3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1/D:GWkWXV9wUezUroW+tCmCCfNG2
Malware Config
Targets
-
-
Target
2d69c26f2c2c775fa596b9396f298c17_JaffaCakes118
-
Size
184KB
-
MD5
2d69c26f2c2c775fa596b9396f298c17
-
SHA1
22d2c6985013b87e937a32e22260b9173c2dcbec
-
SHA256
cb4c085a27836930fd14145fe614f91e7fcd10970cc94a6a3cb690f746c8990d
-
SHA512
79a8147234711e5f6873d9ce73672f0842a618368ce35cf01772126a44979110f55108e2bc49dfb6fab191b8689c1df3fb21a6b4a1ede08e24764420cd024885
-
SSDEEP
3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1/D:GWkWXV9wUezUroW+tCmCCfNG2
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4