General

  • Target

    0f1b2e298467252d72d3f69079906641_JaffaCakes118

  • Size

    3.5MB

  • Sample

    240625-w7km6syclm

  • MD5

    0f1b2e298467252d72d3f69079906641

  • SHA1

    71ffa4c171e363bd7e920f5efd89db4335904147

  • SHA256

    3a554fe0ce26157af66f7f7a45bdea403873dedb6b7afb0187c07edf3a0a01a5

  • SHA512

    519b446bc5d5a7f6bf854bb70453f76af5ee6234454a929580ca7c58f0b62ee0d9c018c16f23da24a96c7e25727fce7ed9ebf9f8f19ee8405684f4879416568b

  • SSDEEP

    49152:FkpsIab2zeDqAZ7WQ96EtwsWCduHhZSMuQqxzlPr36WLjXseedPcOx1yrZOTK:6sZizeDqAT96EDWGu+MNo3Njfsl1Gp
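
The hashes above are the page's only indicators, so the first thing a responder wants is a way to match a suspect file against them. The following is an added example, not part of the original report or of any sandbox's tooling: it computes all four digests in a single pass over the file and reports which of the listed values match. The ssdeep comparison is optional and only runs when the third-party `ssdeep` module is installed; the `hash_file`, `hash_bytes_stream`, `match_iocs` and `fuzzy_score` names are this example's own.

```python
"""Match a file on disk against the hash IOCs listed for this sample (added example)."""
import hashlib
import sys
from pathlib import Path

# Hash values copied from the report above (sample 240625-w7km6syclm).
SAMPLE_IOCS = {
    "md5": "0f1b2e298467252d72d3f69079906641",
    "sha1": "71ffa4c171e363bd7e920f5efd89db4335904147",
    "sha256": "3a554fe0ce26157af66f7f7a45bdea403873dedb6b7afb0187c07edf3a0a01a5",
    "sha512": "519b446bc5d5a7f6bf854bb70453f76af5ee6234454a929580ca7c58f0b62ee0"
              "d9c018c16f23da24a96c7e25727fce7ed9ebf9f8f19ee8405684f4879416568b",
}
SAMPLE_SSDEEP = ("49152:FkpsIab2zeDqAZ7WQ96EtwsWCduHhZSMuQqxzlPr36WLjXseedPcOx1yrZOTK:"
                 "6sZizeDqAT96EDWGu+MNo3Njfsl1Gp")

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time so large samples do not land in memory twice


def hash_bytes_stream(chunks):
    """Feed every chunk to md5/sha1/sha256/sha512 in one pass; return hex digests by name."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_IOCS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path):
    """Stream a file from disk through hash_bytes_stream."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(CHUNK_SIZE)
                if not block:
                    return
                yield block
    return hash_bytes_stream(chunks())


def match_iocs(digests, iocs=SAMPLE_IOCS):
    """Return the sorted names of algorithms whose digest equals the IOC (case-insensitive)."""
    return sorted(
        name for name, value in iocs.items()
        if digests.get(name, "").lower() == value.lower()
    )


def fuzzy_score(data, reference=SAMPLE_SSDEEP):
    """ssdeep similarity (0-100) to the report's SSDEEP, or None if ssdeep is not installed."""
    try:
        import ssdeep  # optional: pip install ssdeep (needs libfuzzy)
    except ImportError:
        return None
    return ssdeep.compare(ssdeep.hash(data), reference)


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        digests = hash_file(arg)
        hits = match_iocs(digests)
        print(f"{arg}: sha256={digests['sha256']} exact_match={hits or 'none'}")
        score = fuzzy_score(Path(arg).read_bytes())
        if score is not None:
            print(f"  ssdeep similarity to the reported sample: {score}")
```

Run it as `python ioc_match.py <file>`; an exact match on any one algorithm is conclusive, while the ssdeep score is only a hint that a file is a repacked or slightly modified relative of this sample.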

Malware Config

Targets

    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (typically the Userinit or Shell value) so the payload is started at every interactive logon.

    • Ramnit

      Ramnit is a long-running, versatile family whose variants include file infectors (viruses), worms, and banking Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Typically the injection step of process hollowing: a process is created suspended, its memory is replaced, and SetThreadContext redirects the main thread to the injected code.
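
The "Modifies WinLogon for persistence" signature above is the one a responder can confirm on a host without the sandbox. The following is an added example, not the report's or any vendor's code: it evaluates the Winlogon Userinit and Shell values and flags any command that is not the stock one. The evaluation is pure Python so it runs anywhere; the live registry read needs Windows. The expected defaults (`C:\Windows\system32\userinit.exe,` and `explorer.exe`) and the sample infected value used in `__main__` are assumptions for a stock install, not data from this report, and the function names are this example's own.

```python
"""Check Winlogon Userinit/Shell for appended or replaced commands (added example)."""

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
DEFAULT_SHELL = "explorer.exe"  # assumed stock default


def _split_entries(value):
    """Both values are comma-separated command lists; drop the empty trailing entry."""
    return [e.strip() for e in value.split(",") if e.strip()]


def check_winlogon(userinit, shell, system_root=r"C:\Windows"):
    """Return (value_name, entry, reason) findings; an empty list means both values are stock."""
    findings = []
    expected_userinit = system_root + r"\system32\userinit.exe"
    for entry in _split_entries(userinit):
        if entry.lower() != expected_userinit.lower():
            findings.append(("Userinit", entry, "extra or replaced Userinit command"))
    for entry in _split_entries(shell):
        if entry.lower() != DEFAULT_SHELL:
            findings.append(("Shell", entry, "non-default shell"))
    return findings


def read_live_winlogon():
    """Read the current values from HKLM; raises ImportError outside Windows."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        userinit, _ = winreg.QueryValueEx(key, "Userinit")
        shell, _ = winreg.QueryValueEx(key, "Shell")
    return userinit, shell


if __name__ == "__main__":
    try:
        userinit, shell = read_live_winlogon()
    except ImportError:
        # Constructed sample of what an appended dropped executable looks like;
        # the path is illustrative, not an indicator from this report.
        userinit = r"C:\Windows\system32\userinit.exe,C:\Users\Public\dropped.exe"
        shell = DEFAULT_SHELL
    findings = check_winlogon(userinit, shell)
    if not findings:
        print("Winlogon Userinit/Shell look stock")
    for name, entry, reason in findings:
        print(f"[!] {name}: {entry} ({reason})")
```

A finding is not proof of infection on its own (some management agents legitimately touch these values), but any non-stock entry here should be hashed with the IOC matcher above and checked against the dropped-file activity the sandbox recorded.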

MITRE ATT&CK Enterprise v15

Tasks