General

  • Target

    460f02f46b96568a58b5a0fafd202984_JaffaCakes118

  • Size

    658KB

  • Sample

    240515-n1xedsgc66

  • MD5

    460f02f46b96568a58b5a0fafd202984

  • SHA1

    b44cadc28ecf51555ca00be2c72b161d476132cf

  • SHA256

    505a05944e99fcb82f55d0ba2c17eaf7013da99f780f381303b82b922e5f40b7

  • SHA512

    70aff623d86fa941ea9417f8e884c164d50ebeaed44c337ede8698d4e7dd60e9af192b44c08fccc80bd16f83492785794077a2ade80f3ec95008571fbe8e97b4

  • SSDEEP

    12288:ZMMpXKb0hNGh1kG0HWnAWU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlC:ZMMpXS0hN0V0HKSGB2uJ2s4otqFCJrW7

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks