General

Target: 003609a6f9a1d0c429f9ea6e378f42c1_JaffaCakes118
Size: 2.2MB
Sample: 240426-hgxcdsba3w
MD5: 003609a6f9a1d0c429f9ea6e378f42c1
SHA1: 1acd5ca3ef94095d4bac81630f24f5a50b423361
SHA256: aaeed8a84bd3c6a98320e8b873a67aca28193e3e706b984e58d971a0e7ca1ac3
SHA512: 3b65c82f0d88b7b5deb738665e6ab7b64d25fae3742190381c4e6dc6edaede65ac3efad9202f2a20894efa577ad8c94d93d79be541b4122c01da2b7bcb70bd52
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZt:0UzeyQMS4DqodCnoe+iitjWww5
Behavioral task: behavioral1

Sample: 003609a6f9a1d0c429f9ea6e378f42c1_JaffaCakes118.exe
Resource: win7-20240215-en

Malware Config

Extracted family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets

Target: 003609a6f9a1d0c429f9ea6e378f42c1_JaffaCakes118
Size: 2.2MB (hashes as listed under General above)
Signatures:

- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence:
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)

Privilege Escalation:
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)