General

  • Target

    11623cc5aca8bda55593c545b7594ed9_JaffaCakes118

  • Size

    928KB

  • Sample

    240626-kjml3sycpl

  • MD5

    11623cc5aca8bda55593c545b7594ed9

  • SHA1

    d5f78b1d83606b2a69d4201eee10e7e377f96d39

  • SHA256

    060c82e8e95a519e2d48ffb34db83076be19f226b051938e7452e5a6bddde414

  • SHA512

    4665e29e4a584fdbf0c1cb315abac217358eddcb7ed79ab5659ba8fac6c7e183231aefb6b2c3b193072c712a8e887cf677252ddd4359d552108cd90fbed585ed

  • SSDEEP

    24576:1uj9BMESlwQOiyIakELLtkOlYNUtd0L5u+D:10DSllLL8L7uNDLXD
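
To check a file on disk, or a buffer pulled from memory or a capture, against the hashes listed above, the following Python is an added example written for this page; it is not part of the sandbox report or its tooling. It hashes with the same four algorithms the report publishes and returns which ones match. The IOC set is copied from the General section; the sample bytes in the usage section are constructed. The SSDEEP value is a fuzzy hash that needs the third-party ssdeep library, so it is not covered here.

```python
import hashlib

# Hashes published in the General section of this report.
REPORT_HASHES = {
    "md5": "11623cc5aca8bda55593c545b7594ed9",
    "sha1": "d5f78b1d83606b2a69d4201eee10e7e377f96d39",
    "sha256": "060c82e8e95a519e2d48ffb34db83076be19f226b051938e7452e5a6bddde414",
    "sha512": "4665e29e4a584fdbf0c1cb315abac217358eddcb7ed79ab5659ba8fac6c7e183"
              "231aefb6b2c3b193072c712a8e887cf677252ddd4359d552108cd90fbed585ed",
}


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in 1 MiB chunks so large samples never have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_HASHES) -> list:
    """Return the sorted names of every algorithm whose digest equals the IOC value.
    Comparison is case-insensitive because threat feeds disagree on hex casing."""
    return sorted(
        name for name, value in digests.items()
        if name in iocs and value.lower() == iocs[name].lower()
    )


if __name__ == "__main__":
    import sys
    # Usage: python check_hashes.py <file> [<file> ...]
    for path in sys.argv[1:]:
        d = digest_file(path)
        hits = match_iocs(d)
        print(f"{path}: sha256={d['sha256']} matches={hits or 'none'}")
    # Constructed buffer, shown only to exercise the matcher offline.
    print(match_iocs(digest_bytes(b"constructed sample bytes")))
```

A genuine hit on this sample matches all four values. A lone MD5 or SHA-1 match on a file whose SHA-256 differs is more likely a feed error or a deliberate collision than the same sample, since neither of those algorithms is collision resistant, so key blocking and ticketing on the SHA-256.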

Targets

    • Target

      11623cc5aca8bda55593c545b7594ed9_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a long-running, versatile malware family whose variants have acted as file-infecting viruses, worms, and banking Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory
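
The "Modifies WinLogon for persistence" signature refers to the Userinit and Shell values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, which Windows runs at every interactive logon; appending an extra program to either comma-separated value is a long-standing persistence technique. The check below is an added example written for this page, not part of the report's detection logic. It parses the values the way Winlogon does (comma-separated, trailing comma tolerated) and reports anything beyond a baseline. The baseline paths and the registry values used in the usage section are assumptions for a stock 64-bit install; adjust them to your own image.

```python
import os
from dataclasses import dataclass

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Assumed clean defaults for a stock install; baseline your own build image.
EXPECTED = {
    "Userinit": [r"c:\windows\system32\userinit.exe"],
    "Shell": ["explorer.exe"],
}


@dataclass
class Finding:
    value_name: str   # "Userinit" or "Shell"
    unexpected: list  # normalised entries not in the baseline


def parse_winlogon_value(raw: str) -> list:
    """Split a Winlogon Userinit/Shell value into normalised program entries.
    Windows treats the value as a comma-separated list and tolerates a trailing
    comma, so 'a.exe,b.exe,' yields ['a.exe', 'b.exe']."""
    entries = []
    for item in raw.split(","):
        item = item.strip().strip('"').lower()
        if item:
            # Normalise the common %SystemRoot% spelling so it matches the baseline.
            item = item.replace("%systemroot%", r"c:\windows")
            entries.append(item)
    return entries


def check_winlogon(values: dict, expected: dict = EXPECTED) -> list:
    """Compare observed Winlogon values against the baseline.
    Returns one Finding per value that launches anything extra or is empty."""
    findings = []
    for name, baseline in expected.items():
        observed = parse_winlogon_value(values.get(name, ""))
        extra = [e for e in observed if e not in baseline]
        if extra or not observed:
            findings.append(Finding(name, extra))
    return findings


def read_winlogon_from_registry() -> dict:
    """Read the live values on Windows; returns {} on other platforms."""
    if os.name != "nt":
        return {}
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return {name: winreg.QueryValueEx(key, name)[0] for name in EXPECTED}


if __name__ == "__main__":
    # Constructed values illustrating an appended second program in Userinit.
    sample = {
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svchost.exe,",
        "Shell": "explorer.exe",
    }
    live = read_winlogon_from_registry() or sample
    for f in check_winlogon(live):
        print(f"{f.value_name}: unexpected entries {f.unexpected}")
```

Run it as Administrator on the host in question (the 32-bit registry view is irrelevant here; Winlogon's key is not redirected). An empty Userinit is flagged as well, because a blank value is just as abnormal as an appended one.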

MITRE ATT&CK Enterprise v15
