General
-
Target
1a351e907deae966141fe7575f17c053_JaffaCakes118
-
Size
220KB
-
Sample
240628-p7mzzatdkr
-
MD5
1a351e907deae966141fe7575f17c053
-
SHA1
ec5f68bbde00029efb31fb32748890dab418afbe
-
SHA256
c6c1de2aba94d50a9f4f5799fd35640985166985e69b916f0a426103d57407cf
-
SHA512
ff2038281cc5a4bdb1b59b93d79c858961d3c400c928d19db97dddab4b600f000230dda949603abc779e8c47e1b1e1a72cfcbe0fcb51b4ed02a5438727db9eba
-
SSDEEP
6144:9/mmNwlmUSWIY7vDDkTGei9zAFIzF5wXn6/+magVWL:9+mNwl6wvDDJ9UFILwLmagi
Malware Config
Targets
-
-
Target
1a351e907deae966141fe7575f17c053_JaffaCakes118
-
Size
220KB
-
MD5
1a351e907deae966141fe7575f17c053
-
SHA1
ec5f68bbde00029efb31fb32748890dab418afbe
-
SHA256
c6c1de2aba94d50a9f4f5799fd35640985166985e69b916f0a426103d57407cf
-
SHA512
ff2038281cc5a4bdb1b59b93d79c858961d3c400c928d19db97dddab4b600f000230dda949603abc779e8c47e1b1e1a72cfcbe0fcb51b4ed02a5438727db9eba
-
SSDEEP
6144:9/mmNwlmUSWIY7vDDkTGei9zAFIzF5wXn6/+magVWL:9+mNwl6wvDDJ9UFILwLmagi
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-