General
Target: 71807070c90005668311b886d095a742_JaffaCakes118
Size: 2.2MB
Sample: 240525-k7a8yscg42
MD5: 71807070c90005668311b886d095a742
SHA1: 348a47c7cdb228f882e17b3e7369fdeb7a37204e
SHA256: 1cfe2488e5f3c1e493ccabff6d635c850f1a680aafd7e471c15dbfea4ff86ffe
SHA512: 4c40416b8a9a797ec656da548d4bbb7a30da1497483e95c41ff86a9ac47fb0bf3d00716c3e3b954a03df6dd4f94618d5ddbe20f88e4585c3c002f5cef3a5fff9
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZy:0UzeyQMS4DqodCnoe+iitjWwwm
Behavioral task: behavioral1
Sample: 71807070c90005668311b886d095a742_JaffaCakes118.exe
Resource: win7-20231129-en

Malware Config
Extracted: pony
http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: 71807070c90005668311b886d095a742_JaffaCakes118
Size: 2.2MB
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)