General

  • Target

    53474c750c9187e0490082d8e1c11a6d_JaffaCakes118

  • Size

    418KB

  • Sample

    240518-gpqn5seg57

  • MD5

    53474c750c9187e0490082d8e1c11a6d

  • SHA1

    a53490817cd28f7f9d3689c1dff73308e39ea8c0

  • SHA256

    22761f5b95ad6b2932fd543292606a4390728e4837a9914c087ee0556b910786

  • SHA512

    77ffaf942f932c2ec81a1ca2c0b9f321c28745fd8f0cd1f91f8e0b7bd69fc82099b81cd736514309e8f431b7a6cbecf19ee154844587e3fbd1c097ec969c4f92

  • SSDEEP

    12288:qINL5QskZOSBJRVhQKUN3iduyA3fpIyTCP/tkhDzOkZ:n5mZOoJPCF3iduy669ViDykZ

Malware Config

Targets

    • Target

      53474c750c9187e0490082d8e1c11a6d_JaffaCakes118

    • Size

      418KB

    • MD5

      53474c750c9187e0490082d8e1c11a6d

    • SHA1

      a53490817cd28f7f9d3689c1dff73308e39ea8c0

    • SHA256

      22761f5b95ad6b2932fd543292606a4390728e4837a9914c087ee0556b910786

    • SHA512

      77ffaf942f932c2ec81a1ca2c0b9f321c28745fd8f0cd1f91f8e0b7bd69fc82099b81cd736514309e8f431b7a6cbecf19ee154844587e3fbd1c097ec969c4f92

    • SSDEEP

      12288:qINL5QskZOSBJRVhQKUN3iduyA3fpIyTCP/tkhDzOkZ:n5mZOoJPCF3iduy669ViDykZ

    • Luminosity

      Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks