General
Target: b5512e19e4d6647d45901ed1d60dd3a6_JaffaCakes118
Size: 2.2MB
Sample: 240616-1fkw3stakr
MD5: b5512e19e4d6647d45901ed1d60dd3a6
SHA1: 9d6280953c4d93199988317cede17a5789312f45
SHA256: 719d051c75653a7db73dd872a032fd7153f1845b2f8c97d047b1c76b2bad24df
SHA512: af4b7a777992b3607a5d0db252af8c7044572b220b9f92e9aac670a9c872b88331eb8036e7178b243432ece19047fea64d164b788d2301db3739f38f45428526
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZe:0UzeyQMS4DqodCnoe+iitjWwwa
Behavioral task
behavioral1
Sample: b5512e19e4d6647d45901ed1d60dd3a6_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config
Extracted
pony
- http://don.service-master.eu/gate.php
- payload_url: http://don.service-master.eu/shit.exe
Targets
Target: b5512e19e4d6647d45901ed1d60dd3a6_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 3
  - Registry Run Keys / Startup Folder: 2
  - Winlogon Helper DLL: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 3
  - Registry Run Keys / Startup Folder: 2
  - Winlogon Helper DLL: 1