General

Target: f6fb923848c026c2bbc5e848ca73f435_JaffaCakes118
Size: 2.2MB
Sample: 240925-2faa1svbmg
MD5: f6fb923848c026c2bbc5e848ca73f435
SHA1: 48962add4a532acb9b70da9eb5c1da37f81e8cd3
SHA256: 5bd87389c11f8773a10b6fce8d1929e9c1b754c4552b134df1557db17cc21cbc
SHA512: 9be69e9f5502cdfb6045e07ae720fb4e0598b255d5107ccd61ee1228c27db47d88c13bff0a0c8080aafaa2b133d27b66a4d764b9671197f1a7f3dee2821672b2
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ5:0UzeyQMS4DqodCnoe+iitjWwwN
Behavioral task: behavioral1

Sample: f6fb923848c026c2bbc5e848ca73f435_JaffaCakes118.exe
Resource: win7-20240903-en

Malware Config

Extracted family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets

Target: f6fb923848c026c2bbc5e848ca73f435_JaffaCakes118
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Boot or Logon Autostart Execution: Active Setup (adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: 3
  - Active Setup: 1
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1

Privilege Escalation
- Boot or Logon Autostart Execution: 3
  - Active Setup: 1
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1

Defense Evasion
- Hide Artifacts: 1
  - Hidden Files and Directories: 1
- Modify Registry: 4