General

  • Target

    16fec4fff43b7d97cf47521bc17cd0f2_JaffaCakes118

  • Size

    854KB

  • Sample

    241005-kqak4azfrg

  • MD5

    16fec4fff43b7d97cf47521bc17cd0f2

  • SHA1

    3a1c8d342d7352cf72e98ca93ac414d84c1f6a2e

  • SHA256

    ac7a0771c5157960c2157f90a0fcb624f374cd58339f07a5989122f87a734b01

  • SHA512

    556c62856075b9dc96e881ec3d4212f2e0f00e7ef409cd2bd80a9bd5028322b93e56ef170c42855f67aed17381ea66ec3e214d0526425f2025c49e7851b8788a

  • SSDEEP

    12288:zS7DKckgkaGVVMtzgOKVokwnaVf5CPRoi2dE:QDR7kaGXMZwf5CPRo3d

Malware Config

Targets

    • Target

      16fec4fff43b7d97cf47521bc17cd0f2_JaffaCakes118

    • Size

      854KB

    • MD5

      16fec4fff43b7d97cf47521bc17cd0f2

    • SHA1

      3a1c8d342d7352cf72e98ca93ac414d84c1f6a2e

    • SHA256

      ac7a0771c5157960c2157f90a0fcb624f374cd58339f07a5989122f87a734b01

    • SHA512

      556c62856075b9dc96e881ec3d4212f2e0f00e7ef409cd2bd80a9bd5028322b93e56ef170c42855f67aed17381ea66ec3e214d0526425f2025c49e7851b8788a

    • SSDEEP

      12288:zS7DKckgkaGVVMtzgOKVokwnaVf5CPRoi2dE:QDR7kaGXMZwf5CPRo3d

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks