General

  • Target

    1500fd885ac9073066ba718b4f1e5165_JaffaCakes118

  • Size

    256KB

  • Sample

    241004-1hfp5sscmd

  • MD5

    1500fd885ac9073066ba718b4f1e5165

  • SHA1

    89af83c4fb1535392ce42480ac87e3cc546bbe71

  • SHA256

    05d31efd70537890038e4e3f70f5aada6c211cc97acc252515987f4a809bc26d

  • SHA512

    03567e8ac299a2aaf7364d91e8d6839ecfd86716154b32dec5e33853f3de2627c9aedd7f4a47bd6cef5fbf5ffd0745b63aa99e26dbe0b1cccbf1d2e487b0ed92

  • SSDEEP

    3072:J4vRJRkTcZ7fcxdl5CTVBoEBClwrnfJMtZbzOPrL97iTIHHgGCEmcz0ju7UTrTzr:JfHngrdiTIgGCEmcf7U5u

Malware Config

Targets

    • Target

      1500fd885ac9073066ba718b4f1e5165_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks