General
-
Target
dec8805bd9783eb58d3c216bebcc4523_JaffaCakes118
-
Size
2.6MB
-
Sample
240913-yfk6qswala
-
MD5
dec8805bd9783eb58d3c216bebcc4523
-
SHA1
885b1907955e005df05c44e8ce41bee61deabf88
-
SHA256
755dd3a3bd1ae7c0cea2db0468e9a927124dc8e5372c61a0d9c5a74aeb24d691
-
SHA512
21948f95fa6a6f497799472f5dea49127e8a4e3553026cf24241444ff6069cef6e951fe716f90874b7693c484657cbc4abc25f45c5911dc5fc68f2210f129f4e
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlY:86SIROiFJiwp0xlrlY
Behavioral task
behavioral1
Sample
dec8805bd9783eb58d3c216bebcc4523_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
dec8805bd9783eb58d3c216bebcc4523_JaffaCakes118
-
Size
2.6MB
-
MD5
dec8805bd9783eb58d3c216bebcc4523
-
SHA1
885b1907955e005df05c44e8ce41bee61deabf88
-
SHA256
755dd3a3bd1ae7c0cea2db0468e9a927124dc8e5372c61a0d9c5a74aeb24d691
-
SHA512
21948f95fa6a6f497799472f5dea49127e8a4e3553026cf24241444ff6069cef6e951fe716f90874b7693c484657cbc4abc25f45c5911dc5fc68f2210f129f4e
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlY:86SIROiFJiwp0xlrlY
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 3
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 3
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 4