General
-
Target
b3e8ca7b0e888db462df99ed731b0f65_JaffaCakes118
-
Size
2.6MB
-
Sample
240616-rfq9eszeqp
-
MD5
b3e8ca7b0e888db462df99ed731b0f65
-
SHA1
550126f34a37ef16835fb53404763e480abb4fe7
-
SHA256
a0222d3bb8bb0528f6e973f13f5fee76c91646fb3dfde93ed4a1271038dc6e18
-
SHA512
0f93910eb68b4657bc6beb2ab28fe5ffed2cd9ee305d5b71dda528165fcb23f6d07864bc3c8094d96b8eec843b7e9d469d42c05854321377821c4a62dfff3e4e
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlU:86SIROiFJiwp0xlrlU
Behavioral task
behavioral1
Sample
b3e8ca7b0e888db462df99ed731b0f65_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
b3e8ca7b0e888db462df99ed731b0f65_JaffaCakes118
-
Size
2.6MB
-
MD5
b3e8ca7b0e888db462df99ed731b0f65
-
SHA1
550126f34a37ef16835fb53404763e480abb4fe7
-
SHA256
a0222d3bb8bb0528f6e973f13f5fee76c91646fb3dfde93ed4a1271038dc6e18
-
SHA512
0f93910eb68b4657bc6beb2ab28fe5ffed2cd9ee305d5b71dda528165fcb23f6d07864bc3c8094d96b8eec843b7e9d469d42c05854321377821c4a62dfff3e4e
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlU:86SIROiFJiwp0xlrlU
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1