General
-
Target
16f902491090535d69774895fde63bf4_JaffaCakes118
-
Size
124KB
-
Sample
240627-wnr8xavglq
-
MD5
16f902491090535d69774895fde63bf4
-
SHA1
f7273cac1b3ed08cc15275a5eb3a6771daa6b91b
-
SHA256
76869418b743d0c1c2ff4241f62f2ae0c63af1233dfb577eb71baad3be896f96
-
SHA512
1a32ec1437b121956a0a366ffa93511b42c17a59b032333482fa5eea5b462805772f02014a808a95f7dca48e050d23cd5c4305a67c37624c4441acafe12ac691
-
SSDEEP
1536:ylUNYw+Awk9/0WmGOq4OroRm2oO0jYlcwrLpdUGvd:yxAws/ldrom9cDr9OG
Malware Config
Targets
-
-
Target
16f902491090535d69774895fde63bf4_JaffaCakes118
-
Size
124KB
-
MD5
16f902491090535d69774895fde63bf4
-
SHA1
f7273cac1b3ed08cc15275a5eb3a6771daa6b91b
-
SHA256
76869418b743d0c1c2ff4241f62f2ae0c63af1233dfb577eb71baad3be896f96
-
SHA512
1a32ec1437b121956a0a366ffa93511b42c17a59b032333482fa5eea5b462805772f02014a808a95f7dca48e050d23cd5c4305a67c37624c4441acafe12ac691
-
SSDEEP
1536:ylUNYw+Awk9/0WmGOq4OroRm2oO0jYlcwrLpdUGvd:yxAws/ldrom9cDr9OG
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1