General

  • Target

    14a7caab6379cd7104493ceef5323f22_JaffaCakes118

  • Size

    192KB

  • Sample

    241004-x7fvnawgkh

  • MD5

    14a7caab6379cd7104493ceef5323f22

  • SHA1

    516c49e3b79aadb722e7948be9be0c076f144938

  • SHA256

    fa77efeb1d4475a9ad8959ce38258c74095db506dec1f152bde298ea1e532014

  • SHA512

    0c42fbfc5e150f747e5d6c74e9319eaa9629a2e361ac249d65e5886a86eca9940d4df280367acdbabd891028b0d4815be6fcd653082ff7b88776ea1afd2a8787

  • SSDEEP

    3072:EIvYZGWb4lQRY+OjKxlKhhFXJZObowqlVm8F8VQkK1JKlTWjmnjOK:E4W3RYvjfhGEpTm8FwKfhg

Malware Config

Targets

    • Target

      14a7caab6379cd7104493ceef5323f22_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks