General
-
Target
6fd88757454291496e6bd7df2e58b92d_JaffaCakes118
-
Size
2.6MB
-
Sample
240524-1aeswabf2y
-
MD5
6fd88757454291496e6bd7df2e58b92d
-
SHA1
4b3fac31b957729bbe3be8fd06aa3fff29c1d31c
-
SHA256
c9e87eb7947f9916a1e141444ccb9b419c607f6c3eb5c19564ca5091c5015f99
-
SHA512
c9180f81890a031c61f3f720664809fca39eb511090ec46ea9dca38e4041d50e9852a45c7e778580d89eaa99c016dc61e2685da8e1177eef3b5adc9faf178166
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrli:86SIROiFJiwp0xlrli
Behavioral task
behavioral1
Sample
6fd88757454291496e6bd7df2e58b92d_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
6fd88757454291496e6bd7df2e58b92d_JaffaCakes118
-
Size
2.6MB
-
MD5
6fd88757454291496e6bd7df2e58b92d
-
SHA1
4b3fac31b957729bbe3be8fd06aa3fff29c1d31c
-
SHA256
c9e87eb7947f9916a1e141444ccb9b419c607f6c3eb5c19564ca5091c5015f99
-
SHA512
c9180f81890a031c61f3f720664809fca39eb511090ec46ea9dca38e4041d50e9852a45c7e778580d89eaa99c016dc61e2685da8e1177eef3b5adc9faf178166
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrli:86SIROiFJiwp0xlrli
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1