General
Target: a1816c956e7bde9e4fcf5b4d98c479cd_JaffaCakes118
Size: 2.6MB
Sample: 240612-v18kzsxbjl
MD5: a1816c956e7bde9e4fcf5b4d98c479cd
SHA1: e001e007d212fb6f75239cdf2e5c7d8aff47a9c4
SHA256: d6f04d8269d92b16581159950c1d17717cd7f9d9768ea7dc39135633581ae76c
SHA512: e88b45372ed1bb49eb92b21cfb2cbbf961735bea63ee1d9827c8cb541344cf1414ec84e460cee039f706b13c8cb313a65788d960e82530ab7b8616572ffb7110
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl/:86SIROiFJiwp0xlrl/
Behavioral task: behavioral1
Sample: a1816c956e7bde9e4fcf5b4d98c479cd_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
The gate.php URL is the Pony gate that receives the HTTP POST of harvested credentials; payload_url is a second-stage executable the stealer downloads and runs after check-in. Both the host and the two paths are hunting indicators.
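To turn the two extracted URLs into something a responder can run against web proxy logs, here is an added example (it is not part of the sandbox report). The proxy log layout (timestamp, client, method, URL, status, space-separated) and the log lines are constructed for illustration; the three match tiers (exact URL, same host, parent domain) are a design choice of this example, not something the report states.

```python
"""Hunt for the Pony C2 gate and payload URLs from this report in web proxy logs.

Added example, not part of the sandbox report. The proxy log format
(timestamp client method url status, space-separated) and the log lines
below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Indicators taken from the extracted Pony config above.
PONY_URLS = [
    "http://don.service-master.eu/gate.php",  # C2 gate: Pony POSTs stolen credentials here
    "http://don.service-master.eu/shit.exe",  # second-stage payload fetched after check-in
]


def normalise(url):
    """Return (host, path) with a lower-cased host and a non-empty path."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), (parts.path or "/")


def parent_domain(host):
    """Drop the leftmost label, e.g. don.service-master.eu -> service-master.eu.
    Only done for hosts with three or more labels so a bare TLD is never used."""
    labels = host.split(".")
    return ".".join(labels[1:]) if len(labels) >= 3 else None


def build_iocs(urls):
    """Three tiers of indicator: exact (host, path), exact host, parent domain."""
    paths, hosts, domains = set(), set(), set()
    for u in urls:
        host, path = normalise(u)
        paths.add((host, path))
        hosts.add(host)
        parent = parent_domain(host)
        if parent:
            domains.add(parent)
    return paths, hosts, domains


# Constructed proxy log (not real traffic): ts client method url status
SAMPLE_LOG = """\
2024-06-12T10:01:02Z 10.0.0.15 GET http://example.com/index.html 200
2024-06-12T10:02:10Z 10.0.0.15 GET http://DON.service-master.eu/shit.exe 200
2024-06-12T10:02:11Z 10.0.0.15 POST http://don.service-master.eu/gate.php 200
2024-06-12T10:03:00Z 10.0.0.22 GET http://don.service-master.eu/other.php 404
2024-06-12T10:04:00Z 10.0.0.30 GET http://service-master.eu/ 200
"""


def scan_log(text, urls=PONY_URLS):
    """Return one hit per log line that touches the IOCs, tagged by match tier."""
    paths, hosts, domains = build_iocs(urls)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than abort the whole hunt
        ts, client, method, url, status = fields[:5]
        host, path = normalise(url)
        if (host, path) in paths:
            tier = "url"      # exact C2 gate or payload URL
        elif host in hosts:
            tier = "host"     # same host, other path: possibly another gate/payload name
        elif any(host == d or host.endswith("." + d) for d in domains):
            tier = "domain"   # sibling host under the same parent domain: triage, not conclusive
        else:
            continue
        hits.append({"ts": ts, "client": client, "method": method,
                     "host": host, "path": path, "status": status, "match": tier})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["ts"]} {h["client"]} {h["method"]:4} {h["host"]}{h["path"]} [{h["match"]}]')
```

The host is lower-cased before comparison so a mixed-case URL such as the second sample line still matches. A POST to gate.php from a client is the strongest signal, since that is the direction stolen credentials travel; the "domain" tier exists only to surface sibling hosts for a human to look at.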
Targets
Target: a1816c956e7bde9e4fcf5b4d98c479cd_JaffaCakes118 (size and hashes as listed under General)
- Modifies WinLogon for persistence (Winlogon Shell/Userinit values, executed at every logon)
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry (Active Setup StubPath, run once per user at logon)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (rewrites a thread's register context, typical of process hollowing and other injection)
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1
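The signatures and ATT&CK matrix above describe registry and file-system changes that endpoint telemetry can see. Here is an added example detection (not part of the report) that runs the same checks over Sysmon-style records: Event ID 13 (RegistryEvent, value set) and Event ID 11 (FileCreate). The event dictionaries, the file name svhost.exe and the Active Setup GUID are constructed; the mappings of Active Setup to T1547.014 and of hidden-file visibility to T1564.001 are added here, since the report's matrix lists only T1547.001 and T1547.004.

```python
"""Detect the persistence behaviours listed in this report from Sysmon-style events.

Added example, not part of the sandbox report. The events below are constructed
(the dropped file name svhost.exe and the Active Setup GUID are made up).
"""
import re

# Rules: (signature name as in the report, ATT&CK technique, regex over the registry path).
# The T1547.014 and T1564.001 mappings are added here; the report's matrix does not list them.
REGISTRY_RULES = [
    ("Modifies WinLogon for persistence", "T1547.004",
     re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I)),
    ("Adds Run key to start application", "T1547.001",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
    ("Modifies Installed Components in the registry", "T1547.014",
     re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\\{[0-9A-F-]+\}\\StubPath$", re.I)),
    ("Modifies visibility of hidden/system files in Explorer", "T1564.001",
     re.compile(r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I)),
]
STARTUP_FOLDER = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)

# Stock values of the two Winlogon entries; writing the default back is not a finding.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe,"}

# Constructed Sysmon-like events (field names follow Sysmon's EventID 13 / 11 schema).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svhost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": r"explorer.exe, C:\Users\victim\AppData\Roaming\svhost.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},  # default value: benign
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svhost.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svhost",
     "Details": r"C:\Users\victim\AppData\Roaming\svhost.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svhost.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svhost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-0000-0000-000000000001}\StubPath",
     "Details": r"C:\Users\victim\AppData\Roaming\svhost.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Roaming\svhost.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.lnk"},
]


def evaluate(event):
    """Return (signature, technique) if the event matches a rule, else None."""
    if event.get("EventID") == 11:
        if STARTUP_FOLDER.search(event.get("TargetFilename", "")):
            return ("Drops startup file", "T1547.001")
        return None
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    for signature, technique, pattern in REGISTRY_RULES:
        match = pattern.search(target)
        if not match:
            continue
        if technique == "T1547.004":
            # Only flag Winlogon when the value differs from its stock content.
            value_name = match.group(1).lower()
            if event.get("Details", "").strip().lower() == WINLOGON_DEFAULTS[value_name]:
                return None
        return (signature, technique)
    return None


def scan(events):
    """Run every event through the rules and collect the findings."""
    findings = []
    for ev in events:
        hit = evaluate(ev)
        if hit:
            findings.append({"signature": hit[0], "technique": hit[1], "image": ev.get("Image"),
                             "target": ev.get("TargetObject") or ev.get("TargetFilename")})
    return findings


def attack_summary(findings):
    """Count findings per technique, the same shape as the report's ATT&CK matrix."""
    counts = {}
    for f in findings:
        counts[f["technique"]] = counts.get(f["technique"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_EVENTS)
    for f in results:
        print(f'{f["technique"]:10} {f["signature"]:55} {f["image"]}')
    print(attack_summary(results))
```

The Winlogon rule compares the written value against the stock Shell and Userinit strings because legitimate software (and Windows itself) rewrites those keys; the Run, Active Setup and Startup-folder rules fire on any write, so in production they need a baseline of known-good images before they are alertable rather than hunt-only.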