General
Target: a1833b1713d89b066f69f5649c8b43f1_JaffaCakes118
Size: 2.2MB
Sample: 240612-v25kqaxbmj
MD5: a1833b1713d89b066f69f5649c8b43f1
SHA1: 2d02d0ff300351bfa1a767fa8d41cb81e7087c0d
SHA256: 86bde8cdfbb93b89b494e3ab2d560c49dc576fe21d5f420ba30c25e537228dfd
SHA512: 39def1ea712d850a3c533198c8529da74346621c2c31dd2d9e75c16ff5231e85952624d8456e60fcc8e2d3c9519df0399bbbd091dabed4e96664f11d9b2080a9
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZl:0UzeyQMS4DqodCnoe+iitjWwwZ
Behavioral task
behavioral1
Sample: a1833b1713d89b066f69f5649c8b43f1_JaffaCakes118.exe
Resource: win7-20240508-en

Malware Config
Extracted
Family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: a1833b1713d89b066f69f5649c8b43f1_JaffaCakes118
Size: 2.2MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP values are identical to those listed under General above.)
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)