General

  • Target

    0ce693e05dec6245b7435a024fcd36b2_JaffaCakes118

  • Size

    140KB

  • Sample

    240625-gle38stdjf

  • MD5

    0ce693e05dec6245b7435a024fcd36b2

  • SHA1

    b7d6b0b38b59901e24f38c27ff6755937bca11e6

  • SHA256

    19a8bf385291d1e2f96febffe0a35cc4546cb2e1d677f4e786feabfe91fb67eb

  • SHA512

    94e8843c97945227589ce517877b4fe57991acf125313b40851efd05f71c67b2c4534ecedc0cc4ee7625119143874a683831384c6da73f6f1623ba480f9668b0

  • SSDEEP

    3072:dF/UgaKuVIAMAYk9MZflw8ddddddddddddddddddddddJrrrttZGDuqvxL20p:DJWVIApm/ddddddddddddddddddddddy

Malware Config

Targets

    • Target

      0ce693e05dec6245b7435a024fcd36b2_JaffaCakes118

    • Modifies WinLogon for persistence

      The Winlogon registry values that control the logon chain (Userinit or Shell) are altered so the payload is started at every interactive logon.

    • Ramnit

      Ramnit is a long-lived family whose variants have appeared as a file infector (virus), a worm spreading via removable drives, and a banking Trojan.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS vendor, version and date strings stored in the registry (under HKLM\HARDWARE\DESCRIPTION\System) are often read to recognise virtual machines and sandboxes, whose BIOS strings identify the hypervisor.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      Writes under the SafeBoot registry keys register the malware so it also runs when Windows is started in Safe Mode (ATT&CK T1562.009), a mode often used for cleanup.

    • Loads dropped DLL

    • Adds Run key to start application
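
The persistence and defence-evasion signatures listed above all correspond to registry writes that an endpoint sensor records. As an added example that is not part of this report and not any sandbox vendor's rule set, the following Python scans Sysmon-style registry SetValue records (the Event ID 13 fields Image, TargetObject and Details) for those behaviours. The event records are constructed for illustration, not captured from this sample, and the mapping from each signature name to a registry path is my own reading of what the name implies, not the sandbox's rule definition.

```python
"""Scan registry SetValue events for the persistence / defence-evasion
signatures reported above.

Constructed example: the records below imitate Sysmon Event ID 13 fields
(Image, TargetObject, Details); they were NOT captured from this sample.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    """One registry SetValue event."""
    image: str    # process that performed the write
    target: str   # full path of the value written
    details: str  # data written, as Sysmon renders it


# Values on a clean install; any other content means the logon chain was hijacked.
WINLOGON_DEFAULTS = {
    "userinit": r"c:\windows\system32\userinit.exe,",
    "shell": "explorer.exe",
}


def _winlogon_changed(match, details):
    name = match.group(1).lower()
    return details.strip().lower() != WINLOGON_DEFAULTS[name]


def _dword_is_zero(match, details):
    return re.fullmatch(r"DWORD \(0x0+\)", details.strip()) is not None


def _always(match, details):
    return True


# (signature name from the report, path pattern, predicate on the written data).
# The path chosen for each signature is my assumption about what the name
# implies, not the sandbox's own rule definition.
RULES = (
    ("Modifies WinLogon for persistence",
     re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I),
     _winlogon_changed),
    ("Adds Run key to start application",
     re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I),
     _always),
    ("UAC bypass",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
     _dword_is_zero),   # EnableLUA=0 switches UAC off entirely
    ("Impair Defenses: Safe Mode Boot",
     re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I),
     _always),
)


def scan(events):
    """Return {signature: [(image, target), ...]} for every rule that fires."""
    hits = {}
    for ev in events:
        for name, pattern, predicate in RULES:
            m = pattern.search(ev.target)
            if m and predicate(m, ev.details):
                hits.setdefault(name, []).append((ev.image, ev.target))
    return hits


SAMPLE_EVENTS = [  # constructed records, not from the sample's report
    RegEvent(r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
             r"C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Local\Temp\dropped.exe"),
    RegEvent(r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
             "DWORD (0x00000000)"),
    RegEvent(r"C:\Users\Admin\AppData\Local\Temp\dropped.exe",
             r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dropped",
             r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"),
    RegEvent(r"C:\Users\Admin\AppData\Local\Temp\dropped.exe",
             r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dropped",
             "Service"),
    # benign writes that must not fire
    RegEvent(r"C:\Windows\explorer.exe",
             r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
             "DWORD (0x00000001)"),
    RegEvent(r"C:\Windows\System32\msiexec.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
             "explorer.exe"),
]


if __name__ == "__main__":
    for sig, where in scan(SAMPLE_EVENTS).items():
        print(sig)
        for image, target in where:
            print(f"  {image} -> {target}")
```

The Winlogon rule compares against the clean-install defaults rather than alerting on every write, because installers legitimately rewrite Shell to explorer.exe; registry reads (the BIOS check) are not covered, since Sysmon does not log them.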

MITRE ATT&CK Enterprise v15

Tasks