General

  • Target

    127aeb2b2915e1737ab57c48e445d682_JaffaCakes118

  • Size

    228KB

  • Sample

    240626-sxx9qstdjp

  • MD5

    127aeb2b2915e1737ab57c48e445d682

  • SHA1

    3e044a7f90c56b7964e6dc140cb445e4eab64680

  • SHA256

    a3e823d2c1d5008d2f392a7178c32cfdddddc44d6aacabc9f6f47762c5fbd40b

  • SHA512

    f399914189a72176ca46234c2071b48b32a772ab475b76bb795eff58aca4992c4833ee150b30dc5f5b1c7600626f0f7e06f187384d2f34ca3392ff6695bb7843

  • SSDEEP

    3072:Hr5mt+m6dyCBHSq9SkM81VF18nn3e7mKdC7SiNGTf3fifFyaLW/IxcM4yaD:HHbDwq9X11VF1u3e7LdAqPGFy0XxcX

Malware Config

Targets

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks