General
-
Target
26adc37442f43dd3e1c06c26c3793a56_JaffaCakes118
-
Size
4.0MB
-
Sample
240704-3rqb2sydpe
-
MD5
26adc37442f43dd3e1c06c26c3793a56
-
SHA1
15d6486f8c6c5c767651d3016624025d2fb34da4
-
SHA256
f8ae2e6e1e607e7734fd02871d0754d7236e6f6ed9bb501ad6ff5115e40c42c2
-
SHA512
55d21803162d126d460f95dccb580b85725a209a367a9ba00d00a5057370985bbd9a77689d7d45efb4ce7cec3b74edcaecd33f4d9bba4c9f4e21c371a8cb3765
-
SSDEEP
98304:MRhxs1zO9FSSVNSt0RzOtk0kCkBptwhBKB0F+w7:GxEO9gSLSt0Ryi0pkBp6rK21
Malware Config
Targets
-
-
Target
26adc37442f43dd3e1c06c26c3793a56_JaffaCakes118
-
Size
4.0MB
-
MD5
26adc37442f43dd3e1c06c26c3793a56
-
SHA1
15d6486f8c6c5c767651d3016624025d2fb34da4
-
SHA256
f8ae2e6e1e607e7734fd02871d0754d7236e6f6ed9bb501ad6ff5115e40c42c2
-
SHA512
55d21803162d126d460f95dccb580b85725a209a367a9ba00d00a5057370985bbd9a77689d7d45efb4ce7cec3b74edcaecd33f4d9bba4c9f4e21c371a8cb3765
-
SSDEEP
98304:MRhxs1zO9FSSVNSt0RzOtk0kCkBptwhBKB0F+w7:GxEO9gSLSt0Ryi0pkBp6rK21
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1