General

Target: b43e72c1dfb6a3f747b934f36fa6e1a7_JaffaCakes118
Size: 2.6MB
Sample: 240616-syj4hasgkm
MD5: b43e72c1dfb6a3f747b934f36fa6e1a7
SHA1: 04799b07c2669b4d3cb1143efa92b8b48a68df50
SHA256: ba8967a474786ee4e6856f8091eefe25a3624444a0de4be4728002ee12173988
SHA512: dd1f35af8f91d75e68d0f95f98f8e50d1faeee492c21efd4bbf31abb90deb2111e9334c98ce6f1c12163f2a944a048d94d2f47d0aae5e62dba31568efe8d671a
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlP:86SIROiFJiwp0xlrlP
Behavioral task: behavioral1
Sample: b43e72c1dfb6a3f747b934f36fa6e1a7_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config

Extracted family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets

Target: b43e72c1dfb6a3f747b934f36fa6e1a7_JaffaCakes118 (same file and hashes as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry (Active Setup, another per-user autostart location)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (the call pattern used to inject into, or hollow out, another process)
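The registry-based signatures above (Winlogon, Run key, Explorer hidden-file visibility) can be reproduced outside the sandbox by diffing a clean registry snapshot against one taken after detonation. The following is an added example, not code from the sandbox report or from the Pony sample: the snapshot format ({value path: data as string}), the constructed BEFORE/AFTER values, and the file names in them are assumptions for illustration; the watched key paths and Windows defaults are standard facts about Windows 7. On a real host you would fill the snapshots from `reg export` or the winreg module.

```python
"""Snapshot-diff hunt for the Winlogon / Run key / Explorer visibility writes
listed in the report. Added example; snapshot format and sample data are
constructed, not taken from the report."""
import re

# Registry locations behind three of the report's signatures (facts about
# Windows, not from the report). Prefixes are compared case-insensitively.
WATCHED_PREFIXES = (
    ("winlogon_helper", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"),
    ("run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("run_key", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("explorer_visibility", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"),
)

# Stock Windows 7 data for the two Winlogon values malware appends itself to.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"C:\Windows\system32\userinit.exe,",
}

# The Explorer\Advanced values that control hidden/system-file visibility.
VISIBILITY_VALUES = {"hidden", "showsuperhidden"}

# An autostart entry resolving into a user-writable directory is the usual
# dropper pattern and gets its own label; other Run entries are still reported.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


def diff_persistence(before, after):
    """Return (signature, value_path, new_data) for every value in `after` that
    is new or changed relative to `before` and sits under a watched key."""
    findings = []
    for path, data in after.items():
        if before.get(path) == data:
            continue  # unchanged value, not interesting
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        for sig, prefix in WATCHED_PREFIXES:
            if not low.startswith(prefix.lower() + "\\"):
                continue
            if sig == "winlogon_helper":
                default = WINLOGON_DEFAULTS.get(name)
                # Ignore other Winlogon values, and a value restored to its default.
                if default is None or data.strip('"').lower() == default.lower():
                    break
            elif sig == "explorer_visibility" and name not in VISIBILITY_VALUES:
                break
            elif sig == "run_key" and USER_WRITABLE.search(data):
                sig = "run_key_user_writable"
            findings.append((sig, path, data))
            break
    return findings


_WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
_ADVANCED = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed snapshots: a clean baseline and the same host after a Pony-style
# infection. File names and paths here are illustrative, not from the report.
BEFORE = {
    _WINLOGON + r"\Shell": "explorer.exe",
    _WINLOGON + r"\Userinit": r"C:\Windows\system32\userinit.exe,",
    _ADVANCED + r"\Hidden": "1",
    _ADVANCED + r"\ShowSuperHidden": "1",
    _RUN + r"\VendorAgent": r"C:\Program Files\Vendor\agent.exe",
}
AFTER = dict(BEFORE)
AFTER.update({
    _WINLOGON + r"\Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\svchost.exe",
    _ADVANCED + r"\Hidden": "2",            # 2 = do not show hidden files
    _ADVANCED + r"\ShowSuperHidden": "0",   # 0 = hide protected OS files
    _RUN + r"\WinUpdate": r"C:\Users\victim\AppData\Roaming\winupdate.exe",
    _RUN + r"\Updater": r"C:\Program Files\Updater\updater.exe",
})


def hunt_sample():
    """Run the diff over the constructed snapshots."""
    return diff_persistence(BEFORE, AFTER)


if __name__ == "__main__":
    for sig, path, data in hunt_sample():
        print(f"{sig:24} {path} = {data}")
```

The diff flags writes, not absolute values: Hidden=2 and ShowSuperHidden=0 are the Windows defaults, so checking a single snapshot for them would fire on every clean host, which is why the visibility signature only makes sense against a baseline.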
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1