General

  • Target

    5f03a75487908cb6837a220a4b052740_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241019-2h1wravfqp

  • MD5

    5f03a75487908cb6837a220a4b052740

  • SHA1

    e37d87b0a418839369ceb31287f9d21053317117

  • SHA256

    ccde612b87a4590d7691e3be0045f83308d688bd7977dd1a5a6b17a25e304e38

  • SHA512

    13fc308b9ffa6bce038dc4a578e5cae38a4626b8f7c71a5e2ae658c92417a04bc7b3c1d937231e1aa3e5737fbf3362f2833c85576cedfb88a8e9bde05b7ad6a4

  • SSDEEP

    12288:dMMpXKb0hNGh1kG0HWo+zU861w+VsLkjrVlQB9FbDTF53nlNFRpO50w9XCfyGjNx:dMMpXS0hN0V0HiS1w5

Malware Config

Targets

    • Target

      5f03a75487908cb6837a220a4b052740_JaffaCakes118

    • Size

      1.4MB

    • MD5

      5f03a75487908cb6837a220a4b052740

    • SHA1

      e37d87b0a418839369ceb31287f9d21053317117

    • SHA256

      ccde612b87a4590d7691e3be0045f83308d688bd7977dd1a5a6b17a25e304e38

    • SHA512

      13fc308b9ffa6bce038dc4a578e5cae38a4626b8f7c71a5e2ae658c92417a04bc7b3c1d937231e1aa3e5737fbf3362f2833c85576cedfb88a8e9bde05b7ad6a4

    • SSDEEP

      12288:dMMpXKb0hNGh1kG0HWo+zU861w+VsLkjrVlQB9FbDTF53nlNFRpO50w9XCfyGjNx:dMMpXS0hN0V0HiS1w5

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks