General
-
Target
027f298a0b05438072787a745cb4631f_JaffaCakes118
-
Size
2.6MB
-
Sample
240427-ft5s7abg47
-
MD5
027f298a0b05438072787a745cb4631f
-
SHA1
9642c03b30a5c9a0b45063b0285c4cadd6b08e26
-
SHA256
42f89aa4bd9da1d07529e57f057bb9a4fbf30e91419efcd1325570aa94ba4f31
-
SHA512
66997022549168f60e1adaae6eb3f44767d555973b6b0118f53e73794612da0070eaab08f458e3044797a382747f1f6b878b9195d0944a2ca8e36ceef22345a4
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrly:86SIROiFJiwp0xlrly
Behavioral task
behavioral1
Sample
027f298a0b05438072787a745cb4631f_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
027f298a0b05438072787a745cb4631f_JaffaCakes118
-
Size
2.6MB
-
MD5
027f298a0b05438072787a745cb4631f
-
SHA1
9642c03b30a5c9a0b45063b0285c4cadd6b08e26
-
SHA256
42f89aa4bd9da1d07529e57f057bb9a4fbf30e91419efcd1325570aa94ba4f31
-
SHA512
66997022549168f60e1adaae6eb3f44767d555973b6b0118f53e73794612da0070eaab08f458e3044797a382747f1f6b878b9195d0944a2ca8e36ceef22345a4
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrly:86SIROiFJiwp0xlrly
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1