General
Target: a924c923e2eaf3b463cfe147952d6e7e_JaffaCakes118
Size: 2.6MB
Sample: 240614-l9ejtswdma
MD5: a924c923e2eaf3b463cfe147952d6e7e
SHA1: 15e2a3cec8c26b2e7e0f7587dfa411204e9a74d2
SHA256: d365d27650ef048cc59c4805409d5fa935088adf659ea0ea68e5776497ef2eb4
SHA512: eeaa889edc14392b50f7e13003f8d4e3ec28c75e48d0f3407160fbf48be3363bccdc5a260a85f0955f0f365f64d1a95b0bd61991de5e71245eaea89608fb373c
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlf:86SIROiFJiwp0xlrlf
Behavioral task: behavioral1
Sample: a924c923e2eaf3b463cfe147952d6e7e_JaffaCakes118.exe
Resource: win7-20240220-en

Malware Config
Extracted
Family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: a924c923e2eaf3b463cfe147952d6e7e_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)