51ce17ca4c058b55ce31e5879b5d44e949512e570fc94a2a3f3c0b6f495a5ab1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c327c2aa83d0bb1a61e1e933baf1d9b_JaffaCakes118
Size

65KB
Sample

241012-1nz1zashqf
MD5

3c327c2aa83d0bb1a61e1e933baf1d9b
SHA1

eb011ec826f856bd18c6cd46292d50c644da0fa5
SHA256

51ce17ca4c058b55ce31e5879b5d44e949512e570fc94a2a3f3c0b6f495a5ab1
SHA512

2b0aaad2d397dcb7c945d3fa993e54c3a8ee88d619542a3a99988472fb500ceda48652daf525591220d2b44075d0413fdc64646c998a560bf839249bd3222057
SSDEEP

1536:pt698VlL33TmaSXoI3p8bHhdpVU3pYZFQ2LJX:ptplLnTmaYT4NomZFQ2F

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  3c327c2aa83d0bb1a61e1e933baf1d9b_JaffaCakes118
- Size
  
  65KB
- MD5
  
  3c327c2aa83d0bb1a61e1e933baf1d9b
- SHA1
  
  eb011ec826f856bd18c6cd46292d50c644da0fa5
- SHA256
  
  51ce17ca4c058b55ce31e5879b5d44e949512e570fc94a2a3f3c0b6f495a5ab1
- SHA512
  
  2b0aaad2d397dcb7c945d3fa993e54c3a8ee88d619542a3a99988472fb500ceda48652daf525591220d2b44075d0413fdc64646c998a560bf839249bd3222057
- SSDEEP
  
  1536:pt698VlL33TmaSXoI3p8bHhdpVU3pYZFQ2LJX:ptplLnTmaYT4NomZFQ2F
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2