General
-
Target
ed8689f4eb6c37aab8b3958a6c394d7b_JaffaCakes118
-
Size
56KB
-
Sample
240920-n2z7nsvglm
-
MD5
ed8689f4eb6c37aab8b3958a6c394d7b
-
SHA1
91bb09cfa1afebd160eb34c7e84af5fcb60820f2
-
SHA256
47eb66bcb2a953848bf88ab5ffe0b19695b425bd6dd9ebc2ecb846930e6a3cbf
-
SHA512
f33c2027ff37a8c3b24b63aac4391e154a35a82a5f72494c918e11a06fdf0c34361330dae226c5f04b82b682fee87a3de19889c4356c65e40deb2ea8aaf6c3aa
-
SSDEEP
1536:DoetNJ4Te4ZVpx7aeoL723BWQR76sTkIVCP:DoGoBWQRIIV
Malware Config
Targets
-
-
Target
ed8689f4eb6c37aab8b3958a6c394d7b_JaffaCakes118
-
Size
56KB
-
MD5
ed8689f4eb6c37aab8b3958a6c394d7b
-
SHA1
91bb09cfa1afebd160eb34c7e84af5fcb60820f2
-
SHA256
47eb66bcb2a953848bf88ab5ffe0b19695b425bd6dd9ebc2ecb846930e6a3cbf
-
SHA512
f33c2027ff37a8c3b24b63aac4391e154a35a82a5f72494c918e11a06fdf0c34361330dae226c5f04b82b682fee87a3de19889c4356c65e40deb2ea8aaf6c3aa
-
SSDEEP
1536:DoetNJ4Te4ZVpx7aeoL723BWQR76sTkIVCP:DoGoBWQRIIV
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Event Triggered Execution
1Change Default File Association
1