General
  Target: ee805b415a986cbb848ceafe4ea4c7dd_JaffaCakes118
  Size: 244KB
  Sample: 240920-1t62gazhqk
  MD5: ee805b415a986cbb848ceafe4ea4c7dd
  SHA1: 824eca950ab571cf867f20c8ef96548c2c912e85
  SHA256: 01a4ace38d1993c38d6136a86633e28e9917470952b65f264bfe92f5880e1001
  SHA512: 606777f1d3e5c7d81d821082200b17bcbd0bd32ecc99f9394736c57a88069efdea5ecf03add540d9ccdeaeee58d38a841fc4f52b5feb09626560934ed4861340
  SSDEEP: 3072:0HCRNl3lR7SOcYkLOqD3xNL/WHoEsnr8cNNhVakuHttN3Q+4kQ0S4CoDUWwgT4w:ke7OLO+eHurtbEkunNf4kQ0PCoQgT
Static task
  static1

Behavioral task
  behavioral1
  Sample: ee805b415a986cbb848ceafe4ea4c7dd_JaffaCakes118.exe
  Resource: win7-20240704-en

Behavioral task
  behavioral2
  Sample: ee805b415a986cbb848ceafe4ea4c7dd_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config

Targets
  Target: ee805b415a986cbb848ceafe4ea4c7dd_JaffaCakes118
  Size: 244KB
  (hashes identical to the General section above)
  Score: 10/10

  Signatures
  - Modifies WinLogon for persistence
  - Adds policy Run key to start application
  - Modifies Windows Firewall
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (4)
  Subvert Trust Controls (1)
    Install Root Certificate (1)