General
Target: a1d1cc8597482b3e9573af17f9602fce_JaffaCakes118
Size: 2.6MB
Sample: 240612-xe7snszbkp
MD5: a1d1cc8597482b3e9573af17f9602fce
SHA1: aadc3cbc30a4ee196ea182dda493a764cb338bc9
SHA256: e9c1ef1640a6120929f8c8923950b1da47a404122996001e7d2e86abf7bfe2ae
SHA512: bd41857e80cbc70c55244abcc93017c0389edc1014c3aa0667c4379cd748bb3b770d824eb0c026f60dc7c2f78a203d0cf1a065fd208d88231e434d8b073e6250
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlH:86SIROiFJiwp0xlrlH
Behavioral task: behavioral1
Sample: a1d1cc8597482b3e9573af17f9602fce_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted: pony
http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: a1d1cc8597482b3e9573af17f9602fce_JaffaCakes118
Size: 2.6MB
MD5: a1d1cc8597482b3e9573af17f9602fce
SHA1: aadc3cbc30a4ee196ea182dda493a764cb338bc9
SHA256: e9c1ef1640a6120929f8c8923950b1da47a404122996001e7d2e86abf7bfe2ae
SHA512: bd41857e80cbc70c55244abcc93017c0389edc1014c3aa0667c4379cd748bb3b770d824eb0c026f60dc7c2f78a203d0cf1a065fd208d88231e434d8b073e6250
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlH:86SIROiFJiwp0xlrlH
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)