General
Target: 663f887224200815b91a98288e2dd2a3_JaffaCakes118
Size: 2.2MB
Sample: 240522-gr3rgsed56
MD5: 663f887224200815b91a98288e2dd2a3
SHA1: 1fc9f016a836d883963275c958fdab9f90b75b03
SHA256: a0638d2021e47d8f72808913e71123784af8454110bf460e14ea5ea8ba5660ff
SHA512: 8ae7754be40e9a4ea6c40ab78ec6e7d7be25245f31626c2439be1d758c2260a99fb709c91006797315d52d33691abf19cabe85860345a728dbadd3525db8f7f2
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZW:0UzeyQMS4DqodCnoe+iitjWww6
Behavioral task
behavioral1
Sample: 663f887224200815b91a98288e2dd2a3_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted
Family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
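The extracted config gives two network indicators: the Pony gate the sample reports to and the URL of the second-stage payload it fetches. The following is an added example (not code from the sandbox report or from the sample) that turns those two URLs into a proxy-log triage: it assumes a Squid-like access log with one request per line in the form `<timestamp> <client_ip> <method> <url> <status> <bytes>`, and the log lines at the bottom are constructed for the demonstration. Matching is done on host and path rather than IP, since the hostname can be re-pointed at will.

```python
"""Triage proxy log lines against the network indicators extracted above.

Added example; this is not code from the sandbox report or from the Pony
malware. Assumptions: a Squid-like access log with one request per line in
the form "<timestamp> <client_ip> <method> <url> <status> <bytes>"; the
sample lines at the bottom are constructed for the demo.
"""
import re
from urllib.parse import urlsplit

# Indicators taken verbatim from the extracted Pony config.
C2_GATE = "http://don.service-master.eu/gate.php"
PAYLOAD_URL = "http://don.service-master.eu/shit.exe"


def host_and_path(url):
    """Split a logged URL into (lowercased host, path).

    CONNECT lines log "host:port" with no scheme, so handle that shape too."""
    if "://" not in url:
        return url.split(":", 1)[0].lower(), ""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path


IOC_HOST, GATE_PATH = host_and_path(C2_GATE)
_, PAYLOAD_PATH = host_and_path(PAYLOAD_URL)

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)\s*$"
)


def classify(line):
    """Return (client_ip, verdict) if the line touches the Pony host, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    host, path = host_and_path(m["url"])
    if host != IOC_HOST:
        return None
    if m["method"] == "POST" and path == GATE_PATH:
        verdict = "c2_checkin"  # Pony reports stolen credentials to gate.php by POST
    elif m["method"] == "GET" and path == PAYLOAD_PATH:
        verdict = "payload_download"  # second-stage fetch named in the config
    else:
        verdict = "suspicious_host_contact"  # same host, other path/method (e.g. CONNECT)
    return m["client"], verdict


def triage(lines):
    """Aggregate verdicts per client so the analyst sees who checked in vs. who only touched the host."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result is None:
            continue
        client, verdict = result
        hits.setdefault(client, set()).add(verdict)
    return hits


# Constructed log lines (not real traffic).
SAMPLE_LOG = [
    "2024-05-22T10:14:03Z 10.0.0.15 GET http://don.service-master.eu/shit.exe 200 2306048",
    "2024-05-22T10:14:05Z 10.0.0.15 POST http://don.service-master.eu/gate.php 200 512",
    "2024-05-22T10:15:11Z 10.0.0.22 GET http://example.com/index.html 200 1432",
    "2024-05-22T10:16:40Z 10.0.0.31 CONNECT don.service-master.eu:443 200 0",
]

if __name__ == "__main__":
    for client, verdicts in sorted(triage(SAMPLE_LOG).items()):
        print(client, sorted(verdicts))
```

A host that shows `c2_checkin` has already run the stealer and posted whatever it harvested; a host with only `payload_download` or `suspicious_host_contact` may have been blocked before execution, but still warrants the registry checks listed under the target's signatures.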
Targets
Target: 663f887224200815b91a98288e2dd2a3_JaffaCakes118
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Modifies Installed Components in the registry
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
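Most of the signatures above resolve to a handful of registry locations: the Winlogon Shell/Userinit values, the Run keys, Explorer's hidden-file settings, and Active Setup's Installed Components. The following is an added example (not code from the sandbox or from the sample) that checks those locations in a text export made with `reg export <key> out.reg`. The key paths are the standard Windows ones; the .reg text at the bottom and the path `C:\Users\Public\svchost.exe` are constructed for the demonstration, not taken from this sample's report.

```python
"""Flag the persistence and Explorer settings behind the signatures above in a
registry export.

Added example; not code from the sandbox or from the sample. It reads the
text produced by `reg export <key> out.reg` (Windows Registry Editor 5.00
format) and reports the locations the report's signatures point at:
Winlogon Shell/Userinit, Run keys, Explorer hidden-file settings and
Active Setup Installed Components. Key paths are the standard ones; the
.reg text at the bottom and the path C:\\Users\\Public\\svchost.exe are
constructed for the demo.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)
ADVANCED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {lowercased key path: {value name: value}} for REG_SZ and REG_DWORD data."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"].lower()
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name = "" if m["default"] else _unescape(m["name"])
            data = m["data"]
            if data.startswith("dword:"):
                value = int(data[len("dword:"):], 16)
            elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                value = _unescape(data[1:-1])
            else:
                value = data  # hex:/expand types left raw; not needed for these checks
            keys[current][name] = value
    return keys


def find_persistence(keys):
    """Return (finding, detail) pairs; an empty list means none of the watched locations is set."""
    findings = []
    wl = keys.get(WINLOGON.lower(), {})
    shell = str(wl.get("Shell", "explorer.exe"))
    if shell.strip().lower() != "explorer.exe":
        findings.append(("winlogon_shell", shell))
    # Userinit is a comma-separated list; anything besides userinit.exe runs at every logon.
    for entry in str(wl.get("Userinit", "")).split(","):
        entry = entry.strip()
        if entry and not entry.lower().endswith(r"\userinit.exe"):
            findings.append(("winlogon_userinit", entry))
    for run_key in RUN_KEYS:
        for name, cmd in keys.get(run_key.lower(), {}).items():
            findings.append(("run_key", f"{name}={cmd}"))
    # Hidden=2 and ShowSuperHidden=0 hide hidden/system files. These are also the Windows
    # defaults, so read the finding as "explicitly set" and compare against your baseline.
    adv = keys.get(ADVANCED.lower(), {})
    if adv.get("Hidden") == 2 or adv.get("ShowSuperHidden") == 0:
        findings.append(("explorer_hides_files",
                         f"Hidden={adv.get('Hidden')} ShowSuperHidden={adv.get('ShowSuperHidden')}"))
    # Active Setup runs StubPath once per user at logon ("Modifies Installed Components").
    prefix = ACTIVE_SETUP.lower() + "\\"
    for key, values in keys.items():
        if key.startswith(prefix) and "StubPath" in values:
            findings.append(("active_setup_stubpath", values["StubPath"]))
    return findings


# Constructed .reg text (not a real export of this sample).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\Public\\svchost.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E1F2A3B4-0000-4000-8000-000000000001}]
"StubPath"="C:\\Users\\Public\\svchost.exe"
"""

FINDINGS = find_persistence(parse_reg(SAMPLE_REG))

if __name__ == "__main__":
    for kind, detail in FINDINGS:
        print(f"{kind}: {detail}")
```

The Winlogon Userinit check is the one that catches the "Modifies WinLogon for persistence" signature: the legitimate value is a single `userinit.exe` entry, so any additional comma-separated path is worth pulling and hashing against the report's SHA256. The "Drops startup file" signature is a file-system artifact (the user's Startup folder) and is not covered by a registry export.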
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1