General
-
Target
0a5006217767b579f4076731ffa44039_JaffaCakes118
-
Size
1.9MB
-
Sample
240624-xrhpbayaph
-
MD5
0a5006217767b579f4076731ffa44039
-
SHA1
2cbcf25ae156d8c4c590098c03aed10d4e35d16d
-
SHA256
7b42ab8d07c7470e746b7f69222b75e8f5be1b674ce11f11e16d0d4e3cfda097
-
SHA512
1e2c80ddea1601bee8c79e3e2105ca0b9e854d737312cf524c964918fce1881aaa76aea6ae749f5b7aae7f854f51a92eb8765eab40dd5a619748403806bd9ef2
-
SSDEEP
12288:+8f54964puAkuZ34hLsMtzXZihF/yNOESrW7WAEQ:Hf5C64YBux4xzXTN8rWPEQ
Malware Config
Targets
-
-
Target
0a5006217767b579f4076731ffa44039_JaffaCakes118
-
Size
1.9MB
-
MD5
0a5006217767b579f4076731ffa44039
-
SHA1
2cbcf25ae156d8c4c590098c03aed10d4e35d16d
-
SHA256
7b42ab8d07c7470e746b7f69222b75e8f5be1b674ce11f11e16d0d4e3cfda097
-
SHA512
1e2c80ddea1601bee8c79e3e2105ca0b9e854d737312cf524c964918fce1881aaa76aea6ae749f5b7aae7f854f51a92eb8765eab40dd5a619748403806bd9ef2
-
SSDEEP
12288:+8f54964puAkuZ34hLsMtzXZihF/yNOESrW7WAEQ:Hf5C64YBux4xzXTN8rWPEQ
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2