24ecdaad8696833142279ed16d02ceecdd77ed97f1e1ee5ab92999d17ee633e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e164d50c05fb71a78f9843f284f7452_JaffaCakes118
Size

94KB
Sample

241009-kljcfazell
MD5

2e164d50c05fb71a78f9843f284f7452
SHA1

1644a136517bddb23a1ee4e8e8557f3ea685dc59
SHA256

24ecdaad8696833142279ed16d02ceecdd77ed97f1e1ee5ab92999d17ee633e1
SHA512

459494a87c780eae6b04d1024d1b78ab90fda3b2287785ce3e57cfa422d538cb04df8dd434a1b6da1a28d2938dcf2f08205c37387273824738c119d07c574083
SSDEEP

1536:iP2JtbOiT7Mfv7Z6eWRo/TlJjw05Ud92Fy:PLOikfjcjo/TlJjx5xy

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  2e164d50c05fb71a78f9843f284f7452_JaffaCakes118
- Size
  
  94KB
- MD5
  
  2e164d50c05fb71a78f9843f284f7452
- SHA1
  
  1644a136517bddb23a1ee4e8e8557f3ea685dc59
- SHA256
  
  24ecdaad8696833142279ed16d02ceecdd77ed97f1e1ee5ab92999d17ee633e1
- SHA512
  
  459494a87c780eae6b04d1024d1b78ab90fda3b2287785ce3e57cfa422d538cb04df8dd434a1b6da1a28d2938dcf2f08205c37387273824738c119d07c574083
- SSDEEP
  
  1536:iP2JtbOiT7Mfv7Z6eWRo/TlJjw05Ud92Fy:PLOikfjcjo/TlJjx5xy
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2