General

Target:  a88ab4278f42655b743b9d70e112e9a2_JaffaCakes118
Size:    2.6MB
Sample:  240614-jdkpvszgjb
MD5:     a88ab4278f42655b743b9d70e112e9a2
SHA1:    dc91f7b9914e9a2037ed2bf7f19139e8a8ea49aa
SHA256:  69b0a3b94ad57377887ac0b2739f4a8cb9a84379a5b16816a410c24f0c629471
SHA512:  3473fba50331446039d5fa69f6eabdc101f4653c2057189f23cf47dbe371a5f4da646ddffe9350e65d2271339e3eb5069c73266ca342f3bbdc9a01a1698781b1
SSDEEP:  49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlR:86SIROiFJiwp0xlrlR
Behavioral task: behavioral1

Sample:   a88ab4278f42655b743b9d70e112e9a2_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config

Extracted family: pony
C2 (gate):        http://don.service-master.eu/gate.php
payload_url:      http://don.service-master.eu/shit.exe

Both URLs come straight out of the sample's configuration: gate.php is where Pony posts stolen credentials, and payload_url is a second-stage executable it downloads. Treat the host as a network IOC to block and hunt for; do not fetch either URL from a monitored network.
Targets

Target: a88ab4278f42655b743b9d70e112e9a2_JaffaCakes118 (2.6MB; MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

The first four and the Run-key signature are all registry or file-system writes and can be matched from registry/file telemetry; SetThreadContext on another process is the classic process-hollowing step and only shows up in API-level (EDR) telemetry, not in registry or file events.
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (T1547): 3
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 1

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 3
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 1

The counts are the number of signatures above mapped to each technique; the same autostart techniques appear under both tactics because ATT&CK lists T1547 for persistence and privilege escalation alike.