General

  • Target

    0d1888d8cf25c90916c9894de5a888ac_JaffaCakes118

  • Size

    364KB

  • Sample

    240625-hfpwxsybrp

  • MD5

    0d1888d8cf25c90916c9894de5a888ac

  • SHA1

    865d449093230392f07cc3fa05534e743ea1f33d

  • SHA256

    03a2c1ce541195a79d2b313a6598e3f6c5d45d0d32e563d3e913f0367d14c758

  • SHA512

    9b5b90002a7ce319379b9e01afebe8b1f1c67565fa30c2a541e4c051e10b38bad433fa9e1ba4e0d2b91ae466ce4bbefaa01e4d1b733582c1e6d38ab873a20bf1

  • SSDEEP

    6144:hXT/KJNp0kKeZ8czpB61SK00Gw7bnOaIaWjoWzYAOxjpI:h/KxYczr613x7bnjImwYAOxjpI

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks