General
Target: 680741fe539996d85bf56ef210a7c079_JaffaCakes118
Size: 2.6MB
Sample: 240522-vx9nwaad6s
MD5: 680741fe539996d85bf56ef210a7c079
SHA1: a9c1999cb9f0c15473eec03f591dcb41975dfa3f
SHA256: 3802fa1989d52348733d719973d54c62efc5761f035951efb5232900b890bd5a
SHA512: d40df37a2dc3cf7256c382cf876aa044d2037964483e85b3827c1bdf088edeca89208403b29104126dc03fcfbb00dc4777a1fec1e7afbe1bea7f3e4d191162b8
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlP:86SIROiFJiwp0xlrlP
Behavioral task
behavioral1
Sample: 680741fe539996d85bf56ef210a7c079_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted
Family: pony
http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: 680741fe539996d85bf56ef210a7c079_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)