General
Target: b486d2f599d648bcceb186972c940170_JaffaCakes118
Size: 2.6MB
Sample: 240616-wyfmvsvhmj
MD5: b486d2f599d648bcceb186972c940170
SHA1: b3852af70e14c593ba942cde60eb779af7224063
SHA256: fe058dcc96d11893f6cbe1b53c835a685accb9fd26d88d189fc1e4e787e841e8
SHA512: 265e216371d0d0d6a7c78f894a2601b034f1df33360339fe01e4a20bd775a9b21b50b12af79ff34b41437f812e381d3d54d7a0de2a5f2961744d0e9b2016b64f
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl/:86SIROiFJiwp0xlrl/
Behavioral task: behavioral1
Sample: b486d2f599d648bcceb186972c940170_JaffaCakes118.exe
Resource: win7-20240508-en

Malware Config
Extracted: pony
http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: b486d2f599d648bcceb186972c940170_JaffaCakes118 (2.6MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General above)
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)