General
- Target: a88d3b2be098c98bc73bd3cdeefb8833_JaffaCakes118
- Size: 2.6MB
- Sample: 240614-jfkgwazgpb
- MD5: a88d3b2be098c98bc73bd3cdeefb8833
- SHA1: ded4fe3956ab16c57186301325bcd49680aad5f9
- SHA256: 91042de5941a5ee237e2bf70b3d668fbd126f96689cc13bd65558b2dcedbe269
- SHA512: 3455ebd73395c07b1ba030198545c4db1e61af34e87dbe2a27e693ecad7f3076e14a9dc1e1f6c0b2abbb2c736a1ab057e949f95595185a9b7b4c5fc20483459f
- SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlP:86SIROiFJiwp0xlrlP
Behavioral task: behavioral1
- Sample: a88d3b2be098c98bc73bd3cdeefb8833_JaffaCakes118.exe
- Resource: win7-20240611-en
Malware Config
Extracted
- Family: pony
- http://don.service-master.eu/gate.php
- payload_url: http://don.service-master.eu/shit.exe
Targets
- Target: a88d3b2be098c98bc73bd3cdeefb8833_JaffaCakes118
- Size: 2.6MB
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)