General

  • Target

    aa26ec34162e38147b948b39b362d476_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240614-rpcgmathka

  • MD5

    aa26ec34162e38147b948b39b362d476

  • SHA1

    da5b96356ad4abf51660d031981c0cb22dc60b45

  • SHA256

    df77dd69b8085bcd0bac0a6493b405b2cb4faab5a8394e9c25dcb594c8735c54

  • SHA512

    2120f027fd065c8d4b83416246899332b5ac6f14f9ba20ea1efa817e732e5420b78a0573fff61b195369ba33046b8d59de872eeed9bfbf231ab912254b37ff6d

  • SSDEEP

    98304:2kXLdgsaDD0rQ9LeAu1m1UWYJiNj32bttv/ah6eygQgFQt81ngkn:nLdgsaDIk9/1UJiIBtv/neyPkn

Malware Config

Targets

    • Target

      Windows优化卫士 6.0/YiXinSafe/SkinH_EL.dll

    • Size

      143KB

    • MD5

      772b247e8c57ffd1751cd569e2c0377a

    • SHA1

      ebcbef1bd170138ab4855ee1ce3e7421555e3691

    • SHA256

      931eb554bad234bbd3b427237ece1ab509a9b6da5fb1bcd8d668f08d52201771

    • SHA512

      9c4b9c134308e289130829901e1fd0d8bb470dcadef7b9cd09ce8afe7431bc0973ebc76232ab5a7965ac4fde4dcc8d7819dea0099947361f24fed494f7d4bee6

    • SSDEEP

      3072:x5Np2dlUX0+Cx17F8QRJZKmOK3outKqnhCO6an//8vt8VXuX208n:PFwT7SMJMzUoShhKa//82G2l

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Windows优化卫士 6.0/YiXinSafe/YiXinPCTray.exe

    • Size

      1.3MB

    • MD5

      58853c966aa4475abcb37f8a89bfad63

    • SHA1

      09dc7d7c796414b754a5fa9687005a6a1f8856bc

    • SHA256

      3ba42211ae2fdf56182fef332f11c9d1b9ed5ed5fd57838b604418aa8cfc322e

    • SHA512

      6f3ac48dc9eb6dbb190c3fe676ec6e8a0ec88d9e8846d8bff8cebe9e47785d514445c07316f0f09f9aefd849ab7c309b8659017d65868d0c3f29f2d1cf4039a4

    • SSDEEP

      12288:48eTUxcn2d9sxrIJpUcGP76kXTbgHKHhea0lfshdcC:48OUxn7sdIJCc27r/lHhn0dwf

    • Score

      6/10

    • Target

      Windows优化卫士 6.0/YiXinSafe/mb.dll

    • Size

      8.2MB

    • MD5

      3ca3a8b5f33d1a0495a299a09b9b990f

    • SHA1

      c6245ad97407dadcc8a32d01c562d952d6477c49

    • SHA256

      1f48007c2b9c6fe919579c3375d2505727f5fcf1b5059cb769cb81bfc9be4ce4

    • SHA512

      632c7af384b77e1c913997849e4b8ab757b4f6a07c5fe2836e89a44d7d2a80e8657a44529753a2a2bcf3c35fe16d2100ce94c3770a5c6d32040c9da9b405acc8

    • SSDEEP

      98304:Btw4MNqQmNmjdZg+BS2zDwo17vh4gUNaAlbQBma/GYeYVQPfZyyEVlJFUq/EUiDy:AqKdZjZHwo17iNVQ/+RfsywGm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Windows优化卫士 6.0/nsUninstall.exe

    • Size

      381KB

    • MD5

      750d535256dd25072e27cea0d2c26782

    • SHA1

      783405ae08f93f371d416a7ae7c42936e79bf54c

    • SHA256

      c67bf1732374270d710c73b7e613832d67b2d933839a9d7eb4bf2de88b0919ab

    • SHA512

      3ebe23dd306f92890968d51fff2148e045e16ec63ca152fa3cfe71f62c239d7a0e9fc5c4c6bb1cb6c4e3d29a3b49ae3e2e31ae23b663c38a4033f9f5426c0325

    • SSDEEP

      6144:b/1K2c1DQ6uWDavc2/vuZaJevK+H781hFn7vW/h9Sp1Xt1:pJIDQ6u9vc2/mZK+HOCud

    • Score

      1/10

    • Target

      Windows优化卫士 6.0/华彩联盟论坛.url

    • Size

      195B

    • MD5

      058c6dd31a6a2d90f0a773170084821a

    • SHA1

      81fcaeb55848e7ee386522e516fd1650bff0f31b

    • SHA256

      4ce090788a79b4ee816322f0fa57e7020f1108911fc6cdf1ec7b437cd2187782

    • SHA512

      bd9feff103ba9c78d89da0e7205a4f9f18e3bc87b3a26a987b667124539efbd2d3b6fc26e06ff8dffac61241ae1d4915ddfe784c34c15f4b4374b358e630a3e8

    • Score

      1/10

    • Target

      Windows优化卫士 6.0/华彩软件站-使用必读.url

    • Size

      195B

    • MD5

      584c19af540c6f9f9228f18b41c54d07

    • SHA1

      5a3eee9fab9d553f5edddef0cc06630e35446dd8

    • SHA256

      ee0e7e1a20dd376bd088291e97394ad8c2b43f6638e69179a288e8d2c986d9df

    • SHA512

      69207b24fff3a72ed5861685a667034f9597fdd1cf1b4bce941e295f7424562db1628da32f036f9fb5f9d63ff12b3a4058bbfe38f562a9c52c46f7b310f1a2c9

    • Score

      1/10

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 3

Discovery

  • System Information Discovery (T1082): 1

Tasks