General
-
Target
3ce6e5fc2f9d9738fd4bb92117575e00_JaffaCakes118
-
Size
206KB
-
Sample
241013-a6dbtazgqf
-
MD5
3ce6e5fc2f9d9738fd4bb92117575e00
-
SHA1
04dd830d1ef1acffc6fd4c17eba95c88299e5aa2
-
SHA256
f6c7d1ed2eb1b4abc3a2a6c5fb96c08ece82af6f0114f1ea81e2a84528994ab3
-
SHA512
ab502c107e46acc90e815bb7dcf28e1568c7de549cbb48ef624a7e0adacc177abbbadee4ebfadc420ce3a14e5ca06b34690508d3c6bb815baa20fcd319f4f413
-
SSDEEP
3072:bbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAn:bbl5RKgOGqml80FrgTRHGvJI08iYB
Malware Config
Targets
-
-
Target
3ce6e5fc2f9d9738fd4bb92117575e00_JaffaCakes118
-
Size
206KB
-
MD5
3ce6e5fc2f9d9738fd4bb92117575e00
-
SHA1
04dd830d1ef1acffc6fd4c17eba95c88299e5aa2
-
SHA256
f6c7d1ed2eb1b4abc3a2a6c5fb96c08ece82af6f0114f1ea81e2a84528994ab3
-
SHA512
ab502c107e46acc90e815bb7dcf28e1568c7de549cbb48ef624a7e0adacc177abbbadee4ebfadc420ce3a14e5ca06b34690508d3c6bb815baa20fcd319f4f413
-
SSDEEP
3072:bbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAn:bbl5RKgOGqml80FrgTRHGvJI08iYB
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4