General
-
Target
b54694611f3ad9f6f7407e5053f44b49_JaffaCakes118
-
Size
2.6MB
-
Sample
240616-z81bsssfkq
-
MD5
b54694611f3ad9f6f7407e5053f44b49
-
SHA1
3aff5e9ba30b95f784f180f7abae268009096649
-
SHA256
09eaa67842a05f47461e91bd91c63764b16b2050f0824b4d44d5cc94db57d0e4
-
SHA512
6acae0db88fb3d539ef7ecc8a5a0c154cbae3d620841cb1223de7e1b702b885c2887ae0414d7a25775b40745c8bdc4b1247f54bc3f65ede47816e4d4489d2fd6
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlZ:86SIROiFJiwp0xlrlZ
Behavioral task
behavioral1
Sample
b54694611f3ad9f6f7407e5053f44b49_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
b54694611f3ad9f6f7407e5053f44b49_JaffaCakes118
-
Size
2.6MB
-
MD5
b54694611f3ad9f6f7407e5053f44b49
-
SHA1
3aff5e9ba30b95f784f180f7abae268009096649
-
SHA256
09eaa67842a05f47461e91bd91c63764b16b2050f0824b4d44d5cc94db57d0e4
-
SHA512
6acae0db88fb3d539ef7ecc8a5a0c154cbae3d620841cb1223de7e1b702b885c2887ae0414d7a25775b40745c8bdc4b1247f54bc3f65ede47816e4d4489d2fd6
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlZ:86SIROiFJiwp0xlrlZ
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1