General
Target: b500698cdc94b8c324f353d9b842245e_JaffaCakes118
Size: 2.6MB
Sample: 240616-y1tcvazckn
MD5: b500698cdc94b8c324f353d9b842245e
SHA1: 056d0f737620209854f574946d6eac085196145d
SHA256: fe8d80c6ab184ad43c0a982b0e4b86386d60d5dd2ec2e3e144081049a49ed6aa
SHA512: def0698b13299cd8b0935e306f4413435a48b18c1847233b21ba44fcbeedab54abe7c4c8eefee3c85e989998b3c336138dadc333a6f03ccdf4118782c8dbd5b0
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl+:86SIROiFJiwp0xlrl+
Behavioral task: behavioral1
Sample: b500698cdc94b8c324f353d9b842245e_JaffaCakes118.exe
Resource: win7-20240611-en

Malware Config
Extracted
Family: pony
http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: b500698cdc94b8c324f353d9b842245e_JaffaCakes118
Size: 2.6MB
MD5: b500698cdc94b8c324f353d9b842245e
SHA1: 056d0f737620209854f574946d6eac085196145d
SHA256: fe8d80c6ab184ad43c0a982b0e4b86386d60d5dd2ec2e3e144081049a49ed6aa
SHA512: def0698b13299cd8b0935e306f4413435a48b18c1847233b21ba44fcbeedab54abe7c4c8eefee3c85e989998b3c336138dadc333a6f03ccdf4118782c8dbd5b0
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl+:86SIROiFJiwp0xlrl+

- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)