General
Target: 6fe3c8da9a1f0afba86103bcabd02a97_JaffaCakes118
Size: 2.6MB
Sample: 240524-1m1wwacc3x
MD5: 6fe3c8da9a1f0afba86103bcabd02a97
SHA1: fd8e744be21b98ee47c06416ca53e5ff9e06101a
SHA256: 14b3c561a01e5963d102d18b2eb88f0931261add80adee2f3dc0764f9a778061
SHA512: 06bb7daa232b44c6c369c62c5fa13c0ddd280332e3720955fc5174218164ffa80fc207b7d1b712d4a799b63fadbfb9f94eaa620f350acbeed93c7437345d9b58
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlr:86SIROiFJiwp0xlrlr
Behavioral task: behavioral1
Sample: 6fe3c8da9a1f0afba86103bcabd02a97_JaffaCakes118.exe
Resource: win7-20240508-en

Malware Config
Extracted family: pony
URL: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: 6fe3c8da9a1f0afba86103bcabd02a97_JaffaCakes118
Size: 2.6MB
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)