General
Target: b53accbef7fa8a49b400bd5b6fc7d9f7_JaffaCakes118
Size: 2.6MB
Sample (analysis ID): 240616-z16tlsyanh
MD5: b53accbef7fa8a49b400bd5b6fc7d9f7
SHA1: 234ca667370e1c439847678f291f384a9816172b
SHA256: e91dda0e0cdde478ce5e3919442b53f663adb7780144a7c32fec9147829a4e82
SHA512: 565105b0cf3f8bcf3541afa13015de3d8af391d9f17a7285a63e2e993b58f85b8c3325c8878c722fbd227900d206fb8510efdbd1c24b818db14f7f1a09e68ba7
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlS:86SIROiFJiwp0xlrlS
Behavioral task: behavioral1
Sample: b53accbef7fa8a49b400bd5b6fc7d9f7_JaffaCakes118.exe
Resource (sandbox image): win7-20240508-en
Malware Config
Extracted family: pony
C2 (gate URL, receives the harvested credentials): http://don.service-master.eu/gate.php
payload_url (second-stage download): http://don.service-master.eu/shit.exe
Targets
Target: b53accbef7fa8a49b400bd5b6fc7d9f7_JaffaCakes118
Size: 2.6MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (same file).
Signatures:
- Modifies WinLogon for persistence (Shell/Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon)
- Modifies visibility of hidden/system files in Explorer (Hidden/ShowSuperHidden under Explorer\Advanced, used to hide dropped files)
- Modifies Installed Components in the registry (Active Setup StubPath autostart)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (thread-context rewriting, a common injection/process-hollowing primitive)
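The registry-based signatures above all describe writes to a handful of autostart locations. The following is an added example, not part of the sandbox report and not the sandbox's own signature code: it diffs a baseline registry snapshot against a post-execution snapshot and maps each added or changed value under those locations back to the signature name used in this report. The two snapshots are constructed for illustration; the key paths are the standard Windows locations, while the dropped file path and the Active Setup GUID are placeholders, not indicators from this analysis.

```python
"""Registry-diff check for the persistence signatures listed above.

Added example: not part of the sandbox report and not the sandbox's own
signature code. It compares a baseline registry snapshot with one taken
after the sample ran and reports changes under the autostart locations
the signatures refer to. Both snapshots are constructed for illustration;
the key paths are the standard Windows locations, the values and file
names are assumptions.
"""
from __future__ import annotations

# Monitored key prefixes, mapped to the signature name the report uses.
MONITORED: dict[str, str] = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon":
        "Modifies WinLogon for persistence",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run":
        "Adds Run key to start application",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run":
        "Adds Run key to start application",
    r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components":
        "Modifies Installed Components in the registry",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced":
        "Modifies visibility of hidden/system files in Explorer",
}
# Under Winlogon only these values are executed at logon; under
# Explorer\Advanced only these control hidden/system file display.
WINLOGON_AUTOSTART = {"shell", "userinit", "taskman"}
EXPLORER_VISIBILITY = {"hidden", "showsuperhidden"}

Snapshot = dict[str, dict[str, object]]   # key path -> {value name: data}


def _signature_for(key: str) -> str | None:
    """Return the report signature a key (or its subkey) falls under."""
    k = key.lower()
    for prefix, signature in MONITORED.items():
        p = prefix.lower()
        if k == p or k.startswith(p + "\\"):
            return signature
    return None


def _relevant(key: str, name: str) -> bool:
    """Drop value names that cannot make code run or hide files."""
    k = key.lower()
    if k.endswith("\\winlogon"):
        return name.lower() in WINLOGON_AUTOSTART
    if k.endswith("\\explorer\\advanced"):
        return name.lower() in EXPLORER_VISIBILITY
    return True   # any Run entry, StubPath, or Winlogon subkey value


def diff_autostart(before: Snapshot, after: Snapshot) -> list[dict[str, object]]:
    """Report values under monitored keys that were added or changed."""
    findings: list[dict[str, object]] = []
    for key, values in after.items():
        signature = _signature_for(key)
        if signature is None:
            continue
        old = before.get(key, {})
        for name, data in values.items():
            if not _relevant(key, name) or old.get(name) == data:
                continue
            findings.append({"signature": signature, "key": key, "value": name,
                             "old": old.get(name), "new": data})
    return findings


def triggered_signatures(findings: list[dict[str, object]]) -> list[str]:
    """Distinct report signatures the diff would raise, for comparison."""
    return sorted({str(f["signature"]) for f in findings})


# Constructed snapshots (placeholder path and GUID, not report indicators).
DROPPED = r"C:\Users\Admin\AppData\Roaming\dropped.exe"
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
HKCU_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
ADVANCED = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ACTIVE_SETUP = (r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
                r"\{00000000-0000-0000-0000-000000000000}")

BEFORE: Snapshot = {
    WINLOGON: {"Shell": "explorer.exe",
               "Userinit": r"C:\Windows\system32\userinit.exe,",
               "LegalNoticeText": ""},
    HKCU_RUN: {"Sidebar": r"C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun"},
    ADVANCED: {"Hidden": 1, "ShowSuperHidden": 1},
}
AFTER: Snapshot = {
    WINLOGON: {"Shell": "explorer.exe",
               "Userinit": r"C:\Windows\system32\userinit.exe," + DROPPED,
               "LegalNoticeText": "changed, but not an autostart value"},
    HKCU_RUN: {"Sidebar": r"C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun",
               "dropped": DROPPED},
    ACTIVE_SETUP: {"StubPath": DROPPED},
    ADVANCED: {"Hidden": 2, "ShowSuperHidden": 0},
}

if __name__ == "__main__":
    for f in diff_autostart(BEFORE, AFTER):
        print(f"{f['signature']}: {f['key']}\\{f['value']} = {f['new']!r}")
```

On a real host the snapshots would come from `reg export` of the listed keys before and after detonation (or from the sandbox's registry event log); the diff approach matters because the Explorer hiding values are already at their "hide" defaults on a stock image, so only a change, not the absolute value, is evidence of tampering.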
MITRE ATT&CK Enterprise v15 (number of matching signatures in brackets)
Persistence
- Boot or Logon Autostart Execution, T1547 [3]
  - Registry Run Keys / Startup Folder, T1547.001 [2]
  - Winlogon Helper DLL, T1547.004 [1]
Privilege Escalation
- Boot or Logon Autostart Execution, T1547 [3]
  - Registry Run Keys / Startup Folder, T1547.001 [2]
  - Winlogon Helper DLL, T1547.004 [1]