General

  • Target

    0fdcece65289dc442a99b875eeb9c498_JaffaCakes118

  • Size

    180KB

  • Sample

    241003-v3nzcs1dla

  • MD5

    0fdcece65289dc442a99b875eeb9c498

  • SHA1

    49ae8323ccb9fbd92fce5c09e058b86087e51c8c

  • SHA256

    e7db1e2ba7dcc5c0e8ceb11c888ec361f0595418d82b792dcdd5844c7d13759f

  • SHA512

    07607f318551990737194914510bab366973a16ed685a7fda93fb2a482efc13bf22bb2e6187578a6bb7f30f45a0551ee38468316f0e7dd538a1e19dcdb62fee9

  • SSDEEP

    3072:1P2PxxtVYTRMClk3oq2L9vNTDQm/iAeQZZer:NyiRq4xZvNTOAhZZo

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks