General
Target: 056a71d77550b54ed91a2348388b58ce_JaffaCakes118
Size: 2.2MB
Sample: 240428-r1qhmaaa32
MD5: 056a71d77550b54ed91a2348388b58ce
SHA1: fb90dde80eacd6f5a32955f168e6342f1f77e60d
SHA256: 98b8f94619fb2a3c4fcf069e53b158d019516d75b037185d660cbefc8e0d20ed
SHA512: eb6a09a3dcd0edd679ee7aa14c02baf600bb91a4a30ce7ae90ce5932e52b9feec20a85c0ff99173c28f9bc3fba75c4db0dd546a728948c8d2fd1cd79464924f5
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZL:0UzeyQMS4DqodCnoe+iitjWww3
Behavioral task: behavioral1
Sample: 056a71d77550b54ed91a2348388b58ce_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config
Extracted family: pony
C2 gate: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: 056a71d77550b54ed91a2348388b58ce_JaffaCakes118
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)