General

  • Target: 376c5844cd89ac279f0d6fe59951fa2f_JaffaCakes118
  • Size: 8.7MB
  • Sample: 241011-3tadlsvglr
  • MD5: 376c5844cd89ac279f0d6fe59951fa2f
  • SHA1: 39904b031876baf3b9298a4e295f09e2853f0e44
  • SHA256: fab1a8843e4a41e7321a8ca8f72c7b5c20ec60b979b75e4ac5907f08142fc3da
  • SHA512: 3ae29010a179a2282570cf011ef306f3ea29a4208b651f9568da159efbad2ae5c53e272092298211723bdcc47cb20cb127e1dd62a5fdef1aac69d34b8694df80
  • SSDEEP: 196608:RS5bbrcx5oCRygmjvQDP2XRVNyvhLcJfJauU6lhUvPuGVd/U4OLyhqm3Wjxar4UH:4do5xygmjoT2hokou9bUvPu2tOLyU0Ws

Targets

    • Target: Logon Workshop/Apply/ResHacker.exe
    • Size: 917KB
    • MD5: a7f85126bc2f475a249004e46a59bba9
    • SHA1: c1311ee6c8acbc849f66dced5a1c5f925f12bea2
    • SHA256: 94f3c576c6417397a3e6041ad9818773eb0f02235e0e591b68740fd06ba2c07e
    • SHA512: eb331e9cfae7688c21bd36896ace64872177c6fb5c617c4bc5e1c520771333fbff73c4a4f1e41369da6cc4397df5487ad08cfae50a3c139bd576a97adc8538d2
    • SSDEEP: 24576:v6wVCzymgQO1/8VW6tRpwHZ7v7lXCwLwS2xIGVNeTvc:v6hjgQO1/8+X+xIWeTE

    Score: 3/10

    • Target: Logon Workshop/Apply/toke.bat
    • Size: 407B
    • MD5: 046ba1a43e5140f4b15eea6d1125664e
    • SHA1: ac3acb378cd948faee55a9ebe6a9d29a74bcaeb9
    • SHA256: 2125ff943e054d96a877212be8e802d1bfc9901ddb596aa93e9a304c832f64dc
    • SHA512: e4a2f82cf1f4f954c0b11e169719b8d3403288e29f5c71d38b88d9015379691c46aa2a244e505826d25321718e5f23b5081923e78cf244413f285e3ea1c8c42c

    • Possible privilege escalation attempt
    • Modifies file permissions
    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification


    • Target: Logon Workshop/ICSharpCode.SharpZipLib.dll
    • Size: 220KB
    • MD5: 80ced02f62658271eb557cad83148b8e
    • SHA1: 76ad1167288d662f96c72fad60f3ee268121c3b3
    • SHA256: afaf833939ae2838512f1d8c9f57c38e32a8ffde90c9c9450c32edd1e029cb9a
    • SHA512: 48b4d8da12d5ae137229c8851d0eafbf9c503ed65be0790a2f138f99b3443297610a1dd3026b709b0ed140a7910cc86f22d0aaa97b023516cafe4614e7da212e
    • SSDEEP: 3072:bnpIrAK7+kuAu25bPKuX8vCshUxJhFDeSikLIV9w/CwwSwi5Ygd6L+IxkY4AzxJp:arIdADbd7V0kLIXViwi93

    Score: 1/10

    • Target: Logon Workshop/Logon WorkShop.exe
    • Size: 1.1MB
    • MD5: 794491e55493dabdd8efb15202e171c2
    • SHA1: 888d60179d081de33950e62b4064261add397579
    • SHA256: dfb711a844df386b144a61144a6139e8f05f8c9434494ac71602f54da797da90
    • SHA512: 78e405dcaad9fb2d8d33526d6245689278afe40a50f9c4ea5693127ae613e433ecd48c07712043c3d9c729c2b15cd3ad5ebcfc31ed335dcb3fe378dcd7cea52b
    • SSDEEP: 12288:Oy7hCgaRLoYjU4PI88w/RBRfSEMCXPzdHfrI5C80AYGa17SiMmGobF0/:OPIg39SkzdHfr1uYNTZp0/

    Score: 3/10

    • Target: Logon Workshop/Logon WorkShop.vshost.exe
    • Size: 13KB
    • MD5: 99f9b3ab8971e77b5c93864ee0a7b97d
    • SHA1: 5ddc58cfb6d68a03c4201889819163abcf0f4ec5
    • SHA256: c7b2e4e4fb2fcc44c953673ff57c3d14bdf5d2008f35e9a84c2a11735f2d268f
    • SHA512: b1723e0d5707a5b7faeba6c3e11d6fbcb57c51af1368d8ac18cc7030f0de44ed9a53b38a1ed0ca6cb19a1a5f00b1172484060cbddc8f343c76ce39ef10bd9b72
    • SSDEEP: 192:HSgRxBcWLVmWUo6oEQKPnEt2yt8mGafdjIafdjShj7NoVE8I:J72WhmWRnELKt8HafdjIafdjcj3F

    Score: 1/10

    • Target: Logon Workshop/԰.url
    • Size: 210B
    • MD5: 339ecc97cda3d35f18e90e9c727af4ef
    • SHA1: 5db53dc8c29a949787cafd6f90a05d73fb7c5377
    • SHA256: 649a8ff45f31d14248687850657b6814ba3b8ce566bc15362ea9ed10fed39ff2
    • SHA512: 8ce8edeb7a1b0914ca4e00a2b825b60de3074a6588d751bccb7711f8e71ddd7c20aae25c345faa7cb188cd21a72cd254337c5ebe82ec27e20c287c2ea71333a2

    Score: 1/10

MITRE ATT&CK Enterprise v15