General

Target: 034700d5078bf78d3a7656d4dfbedf29_JaffaCakes118
Size: 845KB
Sample: 240427-pymmvaag52
MD5: 034700d5078bf78d3a7656d4dfbedf29
SHA1: d4aff8c1e67c7004809907028134b152688fd117
SHA256: cdcf0f0f82df39128c441911fda6a5fa03a506d796182e02075cb9b06ce834f4
SHA512: b5894f0c68d363841dd8cb5cebcffaae54e68e653eb1818eb5762329feaa4c877047681bb069a333ea0f604247a53c13f8e4e7cdbf373563b769d002bf682789
SSDEEP: 24576:0BVXsqGqLk+b4R7W/gvtprW3B5sBnh3rAIPK:QXsILLS7g2t9WR5shh3ro
Behavioral task

behavioral1
Sample: 1059-2c5a1d3a3178e03be08349fe43168df75b22586f.exe
Resource: win7-20240419-en

Malware Config

Extracted
Family: pony
C2 (gate): http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets

Target: 1059-2c5a1d3a3178e03be08349fe43168df75b22586f
Size: 2.2MB
MD5: 86b26f8eef5f69f6a2369834bd6cea21
SHA1: 2c5a1d3a3178e03be08349fe43168df75b22586f
SHA256: 9448fa38a632dfeffb3d078b799aef5cbd428e7a3d9ab8b8e1820cc92245123d
SHA512: c9ca31502e9c5ca21de477b3ef34971c80c338b70d951f386de695a7a8c534fbe9f81093993277c8ac4492e8842a12b6ee5980656790baeb7129939a699ede7a
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZe:0UzeyQMS4DqodCnoe+iitjWwwK
Signatures

- Modifies Winlogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 3
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 1

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 3
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 1
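The signatures and ATT&CK mapping above describe where this sample persists (Winlogon helper values, Run keys, the startup folder) and that it tampers with Explorer's hidden-file settings. The script below is an added triage example, not part of the sandbox report, for checking those same locations on a suspect Windows host. The "expected" Winlogon defaults, the user-writable path pattern and the startup-folder paths are assumptions for a stock install, not values taken from the report; every flagged line still needs a human look.

```powershell
# Added example (not from the sandbox report): triage the registry and
# filesystem locations behind the listed behaviours. Run in an elevated
# PowerShell on the suspect host.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Location, $Value, [string]$Note) {
    $findings.Add([pscustomobject]@{ Location = $Location; Value = $Value; Note = $Note })
}

# --- Winlogon helper values (ATT&CK T1547.004) ----------------------------------
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{                                   # assumed stock defaults
    'Shell'    = 'explorer.exe'
    'Userinit' = 'C:\Windows\system32\userinit.exe,'
}
$wl = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $val = [string]$wl.$name
    if ($val.Trim() -ine $expected[$name]) {
        Add-Finding "$winlogon\$name" $val 'non-default Winlogon value (extra or replaced helper)'
    }
}
# Notify packages were retired after XP; any DllName present on Win7+ deserves a look.
if (Test-Path "$winlogon\Notify") {
    Get-ChildItem "$winlogon\Notify" | ForEach-Object {
        Add-Finding $_.PSPath ((Get-ItemProperty $_.PSPath).DllName) 'Winlogon Notify package'
    }
}
# A per-user Shell/Userinit override is never present by default.
$userWinlogon = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if (Test-Path $userWinlogon) {
    $uw = Get-ItemProperty -Path $userWinlogon
    foreach ($name in 'Shell', 'Userinit') {
        if ($uw.PSObject.Properties[$name]) {
            Add-Finding "$userWinlogon\$name" $uw.$name 'per-user Winlogon override'
        }
    }
}

# --- Run / RunOnce keys (ATT&CK T1547.001) --------------------------------------
# Flag entries launched from user-writable locations; droppers in reports like
# this one typically land under %APPDATA% or %TEMP% (assumed pattern).
$suspiciousPath = '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($meta -contains $prop.Name) { continue }   # provider metadata, not a value
        $cmd = [string]$prop.Value
        if ($cmd -match $suspiciousPath) {
            Add-Finding "$key\$($prop.Name)" $cmd 'autostart from user-writable path'
        }
    }
}

# --- Startup folders ("Drops startup file") -------------------------------------
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { Add-Finding $_.FullName $_.Length 'startup folder entry' }
}

# --- Explorer hidden/system-file visibility -------------------------------------
# Hidden: 1 = show hidden files, 2 = hide them. ShowSuperHidden: 1 = show
# protected OS files, 0 = hide them. Malware hiding its dropped files forces
# the "hide" settings; report them so they can be compared with the user's choice.
$adv = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$a = Get-ItemProperty -Path $adv
Add-Finding "$adv\Hidden"          $a.Hidden          'Explorer hidden-file setting (1=show, 2=hide)'
Add-Finding "$adv\ShowSuperHidden" $a.ShowSuperHidden 'Explorer protected-OS-file setting (1=show, 0=hide)'

$findings | Format-Table -AutoSize -Wrap
```

The Wow6432Node Run key is included because a 32-bit dropper writing Run entries on a 64-bit host is redirected there, and a check of only the native key misses it. The path pattern is a heuristic; a legitimate updater under %APPDATA% will also be flagged, so treat the output as a worklist rather than a verdict.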