General
Target: 56dfd1fc42a38d7658abbb9bb168a990_JaffaCakes118
Size: 1.8MB
Sample: 241018-maabha1epc
MD5: 56dfd1fc42a38d7658abbb9bb168a990
SHA1: cf93c985ee9850901e8d9de0f275c5283a671179
SHA256: eecd601523ca7f176eff537b38a2de5aff5279b2cb0a23d12f447442b4f19658
SHA512: 1e374f9ae485329ffd80837f5a9983bee97f72c0942e4240868f756ccb3a144100a765b521975e383c7597cde967bec18a87c13f818c21b2890d95bdfa840ea3
SSDEEP: 49152:nyyzT4zlfGB4/d/Zxmo/rvtchcL6yUw4gZ2oe7yUFZO:nyyz0zluGF/N/rFHL7F
Static task: static1
Behavioral task: behavioral1
  Sample: 56dfd1fc42a38d7658abbb9bb168a990_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 56dfd1fc42a38d7658abbb9bb168a990_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 56dfd1fc42a38d7658abbb9bb168a990_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)