General

  • Target

    0e926afc3cee817171a9bb124a6a48a0_JaffaCakes118

  • Size

    152KB

  • Sample

    241003-h9fkca1gjp

  • MD5

    0e926afc3cee817171a9bb124a6a48a0

  • SHA1

    5670856b07f8a3b17bd9e6f5e48cb83d36443488

  • SHA256

    98021db747d970ffd4c34fbdb7cd8079cabfe780bae4b9ba2a1a40c653c8b417

  • SHA512

    58cd555529ca079409723c4d985ebffae5f998711cb88746ce2d313811f9faa1331121053bfe9b822d57ad4125f789b4363f7df78ecfe2043fcc9466f7ec4ffb

  • SSDEEP

    3072:dn2PxxtKjiJSfzIkOb4ZNeUxFPAI8JsFYyOG/102+klCQE:9DjiJ3k5ZNeUfPATJsV02n8x

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks