General
- Target: b3b1db5584642249b041624ed525b0c1_JaffaCakes118
- Size: 2.2MB
- Sample: 240616-qg2wwavbkh
- MD5: b3b1db5584642249b041624ed525b0c1
- SHA1: 934dd956f6c3d08f07223019c7eecf5504cef41d
- SHA256: e9a707793c17d8eb6fb465771a56c3f6f907f29157d2ee6182ba0a3751b1b7a2
- SHA512: 13869c432240ac2d335ba3b2d7cd678c9e51521fac9c836221b0e066208130f1cdb62a85a343c4878281f1372dcb0bed171d3f46243036d1cb9d0ca0f0dbc737
- SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZF:0UzeyQMS4DqodCnoe+iitjWwwJ
Behavioral task: behavioral1
- Sample: b3b1db5584642249b041624ed525b0c1_JaffaCakes118.exe
- Resource: win7-20240611-en

Malware Config
Extracted family: pony
- http://don.service-master.eu/gate.php
- payload_url: http://don.service-master.eu/shit.exe
Targets
- Target: b3b1db5584642249b041624ed525b0c1_JaffaCakes118
- Size: 2.2MB
- MD5: b3b1db5584642249b041624ed525b0c1
- SHA1: 934dd956f6c3d08f07223019c7eecf5504cef41d
- SHA256: e9a707793c17d8eb6fb465771a56c3f6f907f29157d2ee6182ba0a3751b1b7a2
- SHA512: 13869c432240ac2d335ba3b2d7cd678c9e51521fac9c836221b0e066208130f1cdb62a85a343c4878281f1372dcb0bed171d3f46243036d1cb9d0ca0f0dbc737
- SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZF:0UzeyQMS4DqodCnoe+iitjWwwJ
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)