General
-
Target
45fe0bfeef53daa84987405ed050fcf4_JaffaCakes118
-
Size
22KB
-
Sample
241015-frxd2awfne
-
MD5
45fe0bfeef53daa84987405ed050fcf4
-
SHA1
cc424a22af81f7aef20eb197e0f3cd19753aba45
-
SHA256
1ab1319eac24437a5261729ce1cd90da4797d3cf7d95c9b35775dd397fc7abdf
-
SHA512
438031d88480c547fd95a5725c18769a5911ff10882c734bb52f43aa48088053abae4257bd95028f347fbb1588e11205278a526abaeef3c41dc332663a569f73
-
SSDEEP
384:kzoGUSWCHi8o/8iPyFh+XUpbhoHXYXZ8KxgGBMvqY:D+WCCn1yZWOWrvqY
Malware Config
Targets
-
-
Target
45fe0bfeef53daa84987405ed050fcf4_JaffaCakes118
-
Size
22KB
-
MD5
45fe0bfeef53daa84987405ed050fcf4
-
SHA1
cc424a22af81f7aef20eb197e0f3cd19753aba45
-
SHA256
1ab1319eac24437a5261729ce1cd90da4797d3cf7d95c9b35775dd397fc7abdf
-
SHA512
438031d88480c547fd95a5725c18769a5911ff10882c734bb52f43aa48088053abae4257bd95028f347fbb1588e11205278a526abaeef3c41dc332663a569f73
-
SSDEEP
384:kzoGUSWCHi8o/8iPyFh+XUpbhoHXYXZ8KxgGBMvqY:D+WCCn1yZWOWrvqY
Score10/10-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-