General

Target: a0686c6259a3985556192bb559b1fbc7_JaffaCakes118
Size: 2.6MB
Sample: 240612-m1j9dswalq
MD5: a0686c6259a3985556192bb559b1fbc7
SHA1: 9f69c6943d952389d931a4d4783c6cf167eaaeee
SHA256: 9431f98b9e6d60ddc49dbf50d9d0328c08847ce058ae3697abc44971f6f608f6
SHA512: 99b05b324b480439c25c310223871f0352dc6c535f1afbc26b9436c09149b372b8c905915983bd49e8186afa5892bc8727b818d696bc03bf53dec2b9f6438609
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlM:86SIROiFJiwp0xlrlM
Behavioral task

behavioral1
Sample: a0686c6259a3985556192bb559b1fbc7_JaffaCakes118.exe
Resource: win7-20240220-en

Malware Config

Extracted family: pony (the Pony/Fareit credential stealer)
C2 gate: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets

Target: a0686c6259a3985556192bb559b1fbc7_JaffaCakes118
Size: 2.6MB
Hashes: identical to the General section above (same file)

Signatures

Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Modifies Installed Components in the registry (Active Setup, runs once per user at logon)
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext (typical of process hollowing / thread hijacking)
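The following host triage script is an added example and is not part of the sandbox report or the analysed sample; it checks the persistence and Explorer-visibility locations the signatures above name, hashes Startup-folder files against the report's SHA256, and looks for the extracted C2 host in the DNS client cache. Only the SHA256 and the C2 host are taken from the report; the registry paths are the standard Windows locations for these techniques, the "benign default" patterns for Shell and Userinit are assumptions you should adjust for your build, and the script assumes PowerShell 4 or later (Get-FileHash) run elevated on the suspect host.

```powershell
# Added triage script (not from the sandbox report). Values from the report:
$KnownSha256 = '9431f98b9e6d60ddc49dbf50d9d0328c08847ce058ae3697abc44971f6f608f6'
$C2Host      = 'don.service-master.eu'

$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Winlogon helper values (Winlogon Helper DLL technique). Defaults on a
#    clean host are Shell = explorer.exe and Userinit = <sys>\userinit.exe,
#    (assumed; tighten the patterns for your image).
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -and $wl.Shell -notmatch '^explorer\.exe$') {
    $findings.Add("Winlogon Shell modified: $($wl.Shell)")
}
if ($wl.Userinit -and $wl.Userinit -notmatch '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$') {
    $findings.Add("Winlogon Userinit modified: $($wl.Userinit)")
}

# 2. Run / RunOnce keys for machine and current user (Registry Run Keys technique).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($p in (Get-ItemProperty $k).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $findings.Add("Run key ${k}\$($p.Name) = $($p.Value)")
    }
}

# 3. Active Setup "Installed Components": each subkey's StubPath runs once per
#    user at logon. Flag stubs that do not live under Windows or Program Files.
$asRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($root in $asRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty $_.PSPath).StubPath
        if ($stub -and $stub -notmatch '\\Windows\\|\\Program Files') {
            $findings.Add("Active Setup StubPath $($_.PSChildName): $stub")
        }
    }
}

# 4. Explorer hidden/system-file visibility. Hidden=2 hides hidden files,
#    ShowSuperHidden=0 hides protected OS files; malware sets these to hide drops.
$adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
if ($adv) {
    $findings.Add("Explorer Advanced: Hidden=$($adv.Hidden) ShowSuperHidden=$($adv.ShowSuperHidden)")
}

# 5. Startup folders: hash every file and compare with the report's SHA256.
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
foreach ($d in $startupDirs) {
    if (-not (Test-Path $d)) { continue }
    Get-ChildItem $d -File -ErrorAction SilentlyContinue | ForEach-Object {
        $h   = (Get-FileHash $_.FullName -Algorithm SHA256).Hash.ToLower()
        $tag = if ($h -eq $KnownSha256) { 'MATCHES REPORT SAMPLE' } else { 'unknown' }
        $findings.Add("Startup file $($_.FullName) sha256=$h [$tag]")
    }
}

# 6. DNS client cache for the extracted C2 host (Get-DnsClientCache needs the
#    DnsClient module, Windows 8 / Server 2012 and later).
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    $hit = Get-DnsClientCache -ErrorAction SilentlyContinue | Where-Object { $_.Entry -like "*$C2Host*" }
    if ($hit) { $findings.Add("DNS cache entry present for C2 host $C2Host") }
}

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

Every Run-key value is listed rather than filtered, because on an infected Win7 host the dropped executable usually appears there under an arbitrary name; compare the output against a clean baseline of the same image. The Startup-folder hash check only catches an unmodified copy of this sample; a dropped second stage (the payload_url above) will show up as an unknown hash that still needs to be collected and hashed.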
MITRE ATT&CK Enterprise v15

Tactic                 Technique                                    Sub-technique                                    Hits
Persistence            Boot or Logon Autostart Execution (T1547)    (all sub-techniques)                             3
                                                                    Registry Run Keys / Startup Folder (T1547.001)   2
                                                                    Winlogon Helper DLL (T1547.004)                  1
Privilege Escalation   Boot or Logon Autostart Execution (T1547)    (all sub-techniques)                             3
                                                                    Registry Run Keys / Startup Folder (T1547.001)   2
                                                                    Winlogon Helper DLL (T1547.004)                  1