General
-
Target
53b1cf4df0ab6b78e1d103a890dc3392_JaffaCakes118
-
Size
260KB
-
Sample
241017-zrj89aygmr
-
MD5
53b1cf4df0ab6b78e1d103a890dc3392
-
SHA1
cb748604a6f2edd588f9c400e3f6b504794aa384
-
SHA256
3a2fa2f0ffb98cf538574e046fc3d099675b25f29ae2e32399414ad47ecf53f4
-
SHA512
b5a58bc736bac319c287e6aada39ab89d14ba4e96be90fcde579b134665ce4b13d5c46339c5506c2508907adb7c700083e003118bb07217114b1f9c0eb1e8513
-
SSDEEP
3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1q:PWkWXV9wUezUroW+tCmCCfNGN
Malware Config
Targets
-
-
Target
53b1cf4df0ab6b78e1d103a890dc3392_JaffaCakes118
-
Size
260KB
-
MD5
53b1cf4df0ab6b78e1d103a890dc3392
-
SHA1
cb748604a6f2edd588f9c400e3f6b504794aa384
-
SHA256
3a2fa2f0ffb98cf538574e046fc3d099675b25f29ae2e32399414ad47ecf53f4
-
SHA512
b5a58bc736bac319c287e6aada39ab89d14ba4e96be90fcde579b134665ce4b13d5c46339c5506c2508907adb7c700083e003118bb07217114b1f9c0eb1e8513
-
SSDEEP
3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1q:PWkWXV9wUezUroW+tCmCCfNGN
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4