General

  • Target

    1651bcc888424d427c01013e8e798903_JaffaCakes118

  • Size

    178KB

  • Sample

    241005-f1hbgasajg

  • MD5

    1651bcc888424d427c01013e8e798903

  • SHA1

    9c41ee9dcfc7aef934bda221c5713598a8353107

  • SHA256

    c13d67f1836cacca25cf768824de9f481d6cc3e862bcae2bb0e086189cecd03d

  • SHA512

    89e3953e7de2f82182ce485d6840693591235bf9a4d58f558d0fee992d74c9ffe8dbf4154f80ad85a19702181475eb478c90f3eb29c345070ebacead6bb9e997

  • SSDEEP

    3072:x4yriLc3IcqB0NljYUvfT/SmNp94Z7yifCKXZ5q1n3hApWQrIcH2zAn:1uLRcZBPvukp4lCKXZ5q1Rqr

Targets

    • Target

      1651bcc888424d427c01013e8e798903_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
