General
- Target: a90a7903db960d2937dd8a857cff2ec1_JaffaCakes118
- Size: 2.6MB
- Sample: 240614-ls2m2aygkl
- MD5: a90a7903db960d2937dd8a857cff2ec1
- SHA1: 985fd87487e6415b614b700487040733375e39de
- SHA256: 6ea303046428c80d0b02c63b80940f77d7e53042848870d70b9acb4462d32750
- SHA512: 833a619ffe2ed81e1c00d1d1694a72fd41edbd0f2bb5d04dc685744317dc82da3ca69c9dcd4066596dfe65590487652d52c439f6626d947149d71be5e33ab2d2
- SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl5:86SIROiFJiwp0xlrl5
Behavioral task
behavioral1
- Sample: a90a7903db960d2937dd8a857cff2ec1_JaffaCakes118.exe
- Resource: win7-20240611-en
Malware Config
Extracted
- pony: http://don.service-master.eu/gate.php
- payload_url: http://don.service-master.eu/shit.exe
Targets
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix ATT&CK v13
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)