General

  • Target

    55bbe1b5769b28769e05e7cc9639a8fb_JaffaCakes118

  • Size

    5.1MB

  • Sample

    241018-f915yatakj

  • MD5

    55bbe1b5769b28769e05e7cc9639a8fb

  • SHA1

    82bb1313908628c7d04533429f0fa7079d8ec220

  • SHA256

    769b1d0481c9be5d081803067387786ab4d8164f56f7671d8f38932857c9f9a4

  • SHA512

    f8cab2fe124c546c05fbcb6a621029aa217551740cf951e40e11ead55a25d0eb092d16b847c2001686f966476367596225cab0d22659f4e24383ba5a7a961249

  • SSDEEP

    12288:dMMpXKb0hNGh1kG0HWo+PMMpXKb0hNGh1kG0HWo+0HmJmxhqYxhu:dMMpXS0hN0V0HgMMpXS0hN0V0Hs

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: the files across the system are being encrypted.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks