General
-
Target
a1658d1fc60724d64210d898de0bd824_JaffaCakes118
-
Size
2.2MB
-
Sample
240612-vbtqjawbqn
-
MD5
a1658d1fc60724d64210d898de0bd824
-
SHA1
0291c411275dd5064271a46444ab9d6622282f1e
-
SHA256
b874d4c4aa4ea1cc9dd95c5e6498744f3925cd35994d3c51f0a1b621f69a47b0
-
SHA512
2e83ba3bfa4c6a27b13fa687b6ed7359696d02308c26331372239e62ff5f47293d96615b52a7a67dcd56b4a1f775e3c1ac50662c997d6944951864b9ce0eea33
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZM:0UzeyQMS4DqodCnoe+iitjWwwg
Behavioral task
behavioral1
Sample
a1658d1fc60724d64210d898de0bd824_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
Target
a1658d1fc60724d64210d898de0bd824_JaffaCakes118
-
Size
2.2MB
-
MD5
a1658d1fc60724d64210d898de0bd824
-
SHA1
0291c411275dd5064271a46444ab9d6622282f1e
-
SHA256
b874d4c4aa4ea1cc9dd95c5e6498744f3925cd35994d3c51f0a1b621f69a47b0
-
SHA512
2e83ba3bfa4c6a27b13fa687b6ed7359696d02308c26331372239e62ff5f47293d96615b52a7a67dcd56b4a1f775e3c1ac50662c997d6944951864b9ce0eea33
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZM:0UzeyQMS4DqodCnoe+iitjWwwg
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
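The extracted Pony configuration (C2 gate and second-stage payload URL) and the persistence signatures above translate directly into host and network detections. The following is an added example, not part of the sandbox report: it embeds the report's own indicators and matches them against constructed proxy and registry log lines (the log lines, the `proxy`/`reg` record format and the ATT&CK sub-technique labels in the comments are assumptions for illustration, not output of the sandbox run).

```python
"""IOC and behaviour matcher built from the sandbox report above.

Added example, not part of the original report. The network indicators
and the SHA-256 come from the report's Malware Config and General sections;
the proxy and registry log lines below are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken verbatim from the report.
PONY_C2_GATE = "http://don.service-master.eu/gate.php"
PONY_PAYLOAD_URL = "http://don.service-master.eu/shit.exe"
SAMPLE_SHA256 = "b874d4c4aa4ea1cc9dd95c5e6498744f3925cd35994d3c51f0a1b621f69a47b0"

C2_HOST = urlparse(PONY_C2_GATE).hostname  # don.service-master.eu

# Registry locations corresponding to the report's behaviour signatures:
# Winlogon helper (T1547.004), Run key (T1547.001) and the Explorer
# hidden/system-file visibility values.
REGISTRY_RULES = [
    (re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I),
     "Winlogon Shell/Userinit modified (T1547.004)"),
    (re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I),
     "Run key autostart added (T1547.001)"),
    (re.compile(r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I),
     "Explorer hidden/system file visibility changed"),
]


def check_http(method, url):
    """Return a finding for one proxy record, or None if it is unrelated."""
    parsed = urlparse(url)
    if parsed.hostname != C2_HOST:
        return None
    if method.upper() == "POST" and parsed.path.endswith("/gate.php"):
        return "Pony check-in POST to C2 gate"
    if parsed.path.endswith("/shit.exe"):
        return "download of Pony second-stage payload"
    return "other traffic to Pony C2 host"


def check_registry(key_path):
    """Return the matching persistence/visibility label for a registry key, or None."""
    for pattern, label in REGISTRY_RULES:
        if pattern.search(key_path):
            return label
    return None


def is_reported_sample(data):
    """True if the bytes are the analysed file; compare SHA-256, not MD5 alone."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed log lines (assumed format): "proxy <method> <url>" or "reg <key path>".
SAMPLE_LOG = """\
proxy GET http://example.com/index.html
proxy POST http://don.service-master.eu/gate.php
proxy GET http://don.service-master.eu/shit.exe
reg HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell
reg HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update
reg HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden
reg HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly
"""


def scan(log_text):
    """Return (line, finding) pairs for every record that matches an indicator."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if parts[0] == "proxy" and len(parts) == 3:
            hit = check_http(parts[1], parts[2])
        elif parts[0] == "reg":
            hit = check_registry(line[4:])  # key paths may contain spaces
        else:
            hit = None
        if hit:
            findings.append((line, hit))
    return findings


if __name__ == "__main__":
    for line, finding in scan(SAMPLE_LOG):
        print(f"{finding}: {line}")
```

The registry patterns are deliberately narrow: only `Shell` and `Userinit` under Winlogon, and only `Hidden`/`ShowSuperHidden` under `Explorer\Advanced`, so unrelated Explorer preference changes (the `IconsOnly` line) do not fire. Hash matching uses SHA-256 because the report's MD5 is fine for lookup but not for asserting identity.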
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 3
Registry Run Keys / Startup Folder (T1547.001): 2
Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 3
Registry Run Keys / Startup Folder (T1547.001): 2
Winlogon Helper DLL (T1547.004): 1