General
- Target: 6f62e0e25dd35633ce83dcb3fb775fdb_JaffaCakes118
- Size: 9.0MB
- Sample: 240725-nlzk7syhmc
- MD5: 6f62e0e25dd35633ce83dcb3fb775fdb
- SHA1: e17242bc4c4bc4191de1e38e4a55317d4d87525b
- SHA256: 92c8666b725d59ad89ec08c7f88d4f07dcf73335ae3e3e0e2f569f422ed8f3a6
- SHA512: 9ec972c281e171bddfe4902e79d47663021784f750b88ffa816ff8dfa8bdd036c600b9f1aae1ca8027a252c260033bf5a5edc555e38c631203554bb6dd7256be
- SSDEEP: 196608:i7effIPEsy58doQaTzwZ8Jq3QKnqVtxQw818dmXEQl1llLmiwlyif8cHQlk8nP+l:i7effIPEsy58doQaTzwZ8Jq3QKnqVtx1

Behavioral task behavioral1
- Sample: 6f62e0e25dd35633ce83dcb3fb775fdb_JaffaCakes118.exe
- Resource: win7-20240704-en

Behavioral task behavioral2
- Sample: 6f62e0e25dd35633ce83dcb3fb775fdb_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: 6f62e0e25dd35633ce83dcb3fb775fdb_JaffaCakes118 (9.0MB; same file and hashes as listed under General above)
Score: 10/10
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Sets service image path in registry
- ACProtect 1.3x - 1.4x DLL software (packer/protector signature): detects file using ACProtect software.
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (counts in parentheses)
Persistence
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (2)
- Browser Extensions (1)
Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (2)