General
-
Target
a026df52169668712c17d4d1851b9286_JaffaCakes118
-
Size
2.6MB
-
Sample
240612-k6hlmsxcjp
-
MD5
a026df52169668712c17d4d1851b9286
-
SHA1
154d43e6f359c7593f45cf33ec51e90e9a7e0f98
-
SHA256
cd2831fb37a832d879ae59d332c5d3d87ef6d2db68f4859e8151598d2df75c23
-
SHA512
02beb04cb43c3ff3560feda3e81e18cd9c2dec8143c2d8874af98d8e3290224a1c91d931f2dea68fbc4568b2b4d6823c3580d291e8e1f71f8c22e59fbb83047b
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlW:86SIROiFJiwp0xlrlW
Behavioral task
behavioral1
Sample
a026df52169668712c17d4d1851b9286_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
Family
pony
C2 (Pony gate)
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
a026df52169668712c17d4d1851b9286_JaffaCakes118
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 3
- Registry Run Keys / Startup Folder (T1547.001): 2
- Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 3
- Registry Run Keys / Startup Folder (T1547.001): 2
- Winlogon Helper DLL (T1547.004): 1
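The signatures and the ATT&CK mapping above name concrete registry and filesystem locations (Winlogon Shell/Userinit, Explorer's Advanced view settings, Active Setup Installed Components, Run keys, the Startup folder) plus the C2 host from the extracted Pony config. As an added example that is not part of this report or of the sandbox's own detection code, the Python below runs those checks over constructed Sysmon-style events in a simplified `field=value|...` form (not Sysmon's XML), correlates a dropped .exe with its later execution, and suppresses two benign writes (explorer.exe toggling "show hidden files", and the stock Userinit value being rewritten). The user name, dropped-file paths and Active Setup GUID are placeholders, and the Explorer (T1564.001) and Active Setup (T1547.014) technique mappings are my own; the report only maps the Run-key and Winlogon behaviours.

```python
# Registry and filesystem locations behind the signatures listed above, with the
# ATT&CK technique each maps to (Explorer and Active Setup mappings are my own).
WINLOGON_KEY = "\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\"
WINLOGON_DEFAULTS = {          # stock values on a Windows 7 install
    "shell": "explorer.exe",
    "userinit": "c:\\windows\\system32\\userinit.exe,",
}
EXPLORER_ADVANCED = "\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
HIDING_WRITES = {"hidden": "DWORD (0x00000002)", "showsuperhidden": "DWORD (0x00000000)"}
ACTIVE_SETUP = "\\Microsoft\\Active Setup\\Installed Components\\"
RUN_KEYS = ("\\CurrentVersion\\Run\\", "\\CurrentVersion\\RunOnce\\")
STARTUP_DIR = "\\Start Menu\\Programs\\Startup\\"
C2_HOST = "don.service-master.eu"  # C2 host from the extracted Pony config

TECHNIQUES = {
    "Modifies WinLogon for persistence": "T1547.004",
    "Adds Run key to start application": "T1547.001",
    "Drops startup file": "T1547.001",
    "Modifies Installed Components in the registry": "T1547.014",
    "Modifies visibility of hidden/system files in Explorer": "T1564.001",
}

# Constructed Sysmon-style events ('field=value' pairs joined by '|'). The user,
# the dropped-file paths and the Active Setup GUID are placeholders, not artifacts.
SAMPLE = "C:\\Users\\lab\\a026df52169668712c17d4d1851b9286_JaffaCakes118.exe"
DROPPED = "C:\\Users\\lab\\AppData\\Roaming\\dropped.exe"
EVENTS = [
    f"EventID=11|Image={SAMPLE}|TargetFilename={DROPPED}",
    f"EventID=1|Image={DROPPED}|ParentImage={SAMPLE}",
    f"EventID=13|Image={DROPPED}|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell|Details=explorer.exe,{DROPPED}",
    f"EventID=13|Image={DROPPED}|TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000002)",
    f"EventID=13|Image={DROPPED}|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{{00000000-0000-0000-0000-000000000000}}\\StubPath|Details={DROPPED}",
    f"EventID=13|Image={DROPPED}|TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped|Details={DROPPED}",
    f"EventID=11|Image={DROPPED}|TargetFilename=C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dropped.lnk",
    f"EventID=22|Image={DROPPED}|QueryName={C2_HOST}",
    # Benign writes that must not fire: a user toggling 'show hidden files' in
    # Explorer, and the stock Winlogon Userinit value being rewritten.
    "EventID=13|Image=C:\\Windows\\explorer.exe|TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000002)",
    "EventID=13|Image=C:\\Windows\\System32\\svchost.exe|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit|Details=C:\\Windows\\system32\\userinit.exe,",
]


def parse(line):
    """Split one constructed 'k=v|k=v' line into a dict; EventID becomes an int."""
    ev = dict(part.split("=", 1) for part in line.split("|"))
    ev["EventID"] = int(ev["EventID"])
    return ev


def basename(path):
    """Last path component, lower-cased, for both file paths and registry paths."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev, dropped):
    """Return the signature name an event matches, or None. 'dropped' is the set of
    .exe paths seen created so far, so a later ProcessCreate can be tied to them."""
    eid = ev["EventID"]
    if eid == 11:                                        # FileCreate
        target = ev["TargetFilename"]
        if target.lower().endswith(".exe"):
            dropped.add(target.lower())
        if STARTUP_DIR.lower() in target.lower():
            return "Drops startup file"
    elif eid == 1 and ev["Image"].lower() in dropped:     # ProcessCreate of a dropped file
        return "Executes dropped EXE"
    elif eid == 13:                                      # RegistryEvent (Value Set)
        obj, details = ev["TargetObject"], ev.get("Details", "")
        name, lobj = basename(obj), obj.lower()
        if WINLOGON_KEY.lower() in lobj and name in WINLOGON_DEFAULTS:
            if details.lower() != WINLOGON_DEFAULTS[name]:
                return "Modifies WinLogon for persistence"
        elif EXPLORER_ADVANCED.lower() in lobj and name in HIDING_WRITES:
            # explorer.exe writes these when the user toggles the setting; only
            # another image turning hiding back on is suspicious.
            if details == HIDING_WRITES[name] and basename(ev["Image"]) != "explorer.exe":
                return "Modifies visibility of hidden/system files in Explorer"
        elif ACTIVE_SETUP.lower() in lobj and name == "stubpath":
            return "Modifies Installed Components in the registry"
        elif any(k.lower() in lobj for k in RUN_KEYS):
            return "Adds Run key to start application"
    elif eid == 22 and ev.get("QueryName", "").lower() == C2_HOST:   # DNS query
        return "Resolves Pony C2 host from extracted config"
    return None


def triage(lines):
    """Run every event through classify(), carrying dropped-file state across events.
    Returns (signature, technique or None, image) tuples in event order."""
    dropped, hits = set(), []
    for line in lines:
        ev = parse(line)
        sig = classify(ev, dropped)
        if sig:
            hits.append((sig, TECHNIQUES.get(sig), ev["Image"]))
    return hits


if __name__ == "__main__":
    for sig, tech, image in triage(EVENTS):
        print(f"{tech or '-':10} {sig:55} {image}")
```

The Winlogon check compares against the stock value rather than firing on every write, because installers and setup legitimately touch Userinit; the same idea applies to the Explorer view settings, where the writing image is the discriminator. On a real host the same logic can be fed from Sysmon's XML (EventID 13 `TargetObject`/`Details`, EventID 11 `TargetFilename`, EventID 22 `QueryName`) after swapping out `parse()`.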