General
-
Target
b40ff019ab6ad23cb71d2cf77e347511_JaffaCakes118
-
Size
2.6MB
-
Sample
240616-r6phhsxcre
-
MD5
b40ff019ab6ad23cb71d2cf77e347511
-
SHA1
949b5a7732ac4337e496d4dbb5127b5fa577b7f2
-
SHA256
1639a4b3acea8bdcbe23ad1cb2629dde273130f1ac1541a76f0dbf813dc439e2
-
SHA512
d9a224a75218d1a5f1e8d2de6c01b1461d55c3923456f09394ca9f18e3dc0b97baa1418a42c10b7c84f4b0c9d92246fa693657fc68548b01ef073be4d8bd2241
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl9:86SIROiFJiwp0xlrl9
Behavioral task
behavioral1
Sample
b40ff019ab6ad23cb71d2cf77e347511_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
b40ff019ab6ad23cb71d2cf77e347511_JaffaCakes118
-
Size
2.6MB
-
MD5
b40ff019ab6ad23cb71d2cf77e347511
-
SHA1
949b5a7732ac4337e496d4dbb5127b5fa577b7f2
-
SHA256
1639a4b3acea8bdcbe23ad1cb2629dde273130f1ac1541a76f0dbf813dc439e2
-
SHA512
d9a224a75218d1a5f1e8d2de6c01b1461d55c3923456f09394ca9f18e3dc0b97baa1418a42c10b7c84f4b0c9d92246fa693657fc68548b01ef073be4d8bd2241
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl9:86SIROiFJiwp0xlrl9
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1