General
Target: 6ed22cdd13c68555b2ed5fff6a66a859_JaffaCakes118
Size: 2.2MB
Sample: 240524-rp79asha3y
MD5: 6ed22cdd13c68555b2ed5fff6a66a859
SHA1: 54aa7be5a5db40c62031108fda1ade4aedbcc82c
SHA256: ba8b376991e53153333751859a5275d73d66a81d12c58c7d02d3b77679f5d3b8
SHA512: 56c8431089da80288f96ef20553b6c0af5dcd7feda1268a2c1d2c4bde9e5453041cfe116b3559f10d91d38dc601a5fe62ace733e3d572cc22f2a360f9a016625
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZF:0UzeyQMS4DqodCnoe+iitjWwwp
Behavioral task
behavioral1
Sample: 6ed22cdd13c68555b2ed5fff6a66a859_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config
Extracted
Family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: 6ed22cdd13c68555b2ed5fff6a66a859_JaffaCakes118
Size: 2.2MB
MD5: 6ed22cdd13c68555b2ed5fff6a66a859
SHA1: 54aa7be5a5db40c62031108fda1ade4aedbcc82c
SHA256: ba8b376991e53153333751859a5275d73d66a81d12c58c7d02d3b77679f5d3b8
SHA512: 56c8431089da80288f96ef20553b6c0af5dcd7feda1268a2c1d2c4bde9e5453041cfe116b3559f10d91d38dc601a5fe62ace733e3d572cc22f2a360f9a016625
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZF:0UzeyQMS4DqodCnoe+iitjWwwp
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)