General

  • Target

    0d5728da0dd4642308cf720d9dd28dca_JaffaCakes118

  • Size

    127KB

  • Sample

    240625-j5anza1glk

  • MD5

    0d5728da0dd4642308cf720d9dd28dca

  • SHA1

    43c5e302fd03a2b5bca3913880c5ac45f7e8cb1a

  • SHA256

    d2252a26a972cc800d3106fc4bb3099ff103702299f072fb83bbf1d5126ce1c8

  • SHA512

    639557a6895e12c6ba137f46b77d36635fa060d318d9c88d63c8d081fdeb63ee7e56dd13999f331e2142281b0652a893e975e867aacea691357aaea0a14f6d84

  • SSDEEP

    1536:quJ9napZA688eCfvKHKwofEzmc8+PgyAn/eChsje37XnNqWQXehkkbG7nOBysU3:lyq6NeC3Umhy+elq37Xn0oVqO43

Malware Config

Targets

    • Target

      0d5728da0dd4642308cf720d9dd28dca_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read from the registry to detect sandbox or virtual-machine environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application
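
The signatures above name registry and file-system behaviours rather than specific keys. The following is an added example, not part of this report or of the sandbox's own signature engine: a small classifier that maps a simplified API-trace format onto those signature names. The `op`/`path`/`data` event schema and the sample trace are constructed for the example; the registry locations (the Winlogon `Shell` and `Userinit` values, the `Run`/`RunOnce` keys, `SafeBoot\Minimal` and `SafeBoot\Network`, `HARDWARE\DESCRIPTION\System\BIOS`, `Control Panel\International\Geo\Nation`, and the user Startup folder) are the standard locations these signature names normally refer to, assumed here rather than taken from the report. The UAC bypass, "Executes dropped EXE" and "Loads dropped DLL" signatures need process and image-load events and are not covered by this block.

```python
"""Map a simplified API trace onto the behaviour signatures listed above.

Added example, not part of the original sandbox report. The event format
(op / path / data) and SAMPLE_TRACE are constructed; the registry paths are
the well-known locations the signature names are assumed to refer to.
"""
import re

# Long hive names as they appear in many traces, mapped to short forms.
HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR",
}

# Assumed stock values; a write that restores these is not persistence.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def normalize_path(path: str) -> str:
    """Canonicalise a registry path: short hive name, single backslashes,
    no trailing backslash, and HKU\\<SID>\\... folded into HKCU\\..."""
    path = re.sub(r"\\+", r"\\", path.strip()).rstrip("\\")
    hive, sep, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    if hive == "HKU":
        rest = re.sub(r"^S-1-5-[\d-]+\\", "", rest, flags=re.IGNORECASE)
        hive = "HKCU"
    return hive + sep + rest


def sig_winlogon(ev, path):
    # Fires only when Shell/Userinit is set to something other than its default.
    m = re.match(r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$",
                 path, re.IGNORECASE)
    if not (m and ev["op"] == "reg_set"):
        return False
    return ev.get("data", "").strip().lower() != WINLOGON_DEFAULTS[m.group(1).lower()]


def sig_run_key(ev, path):
    return ev["op"] == "reg_set" and re.match(
        r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
        path, re.IGNORECASE) is not None


def sig_safeboot(ev, path):
    # Adding your own entry or deleting existing ones under SafeBoot both count.
    return ev["op"] in ("reg_key_create", "reg_key_delete", "reg_set") and re.match(
        r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot\\(Minimal|Network)\\",
        path, re.IGNORECASE) is not None


def sig_bios(ev, path):
    return ev["op"] == "reg_query" and re.match(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", path, re.IGNORECASE) is not None


def sig_geo(ev, path):
    return ev["op"] == "reg_query" and re.match(
        r"^HKCU\\Control Panel\\International\\Geo\\Nation$", path, re.IGNORECASE) is not None


def sig_startup(ev, path):
    return ev["op"] == "file_create" and re.search(
        r"\\Start Menu\\Programs\\Startup\\[^\\]+$", path, re.IGNORECASE) is not None


# Keys are the signature names used in the report above.
SIGNATURES = {
    "Modifies WinLogon for persistence": sig_winlogon,
    "Adds Run key to start application": sig_run_key,
    "Impair Defenses: Safe Mode Boot": sig_safeboot,
    "Checks BIOS information in registry": sig_bios,
    "Checks computer location settings": sig_geo,
    "Drops startup file": sig_startup,
}


def classify(trace):
    """Return {signature name: [event indexes]} for every signature that fired."""
    hits = {}
    for i, ev in enumerate(trace):
        path = normalize_path(ev["path"]) if ev["op"].startswith("reg_") else ev["path"]
        for name, rule in SIGNATURES.items():
            if rule(ev, path):
                hits.setdefault(name, []).append(i)
    return hits


# Constructed trace; paths and file names are illustrative, not from the report.
SAMPLE_TRACE = [
    {"op": "reg_query", "path": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"op": "reg_query", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_set", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svchost.exe"},
    {"op": "reg_set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "data": r"C:\Users\Public\svchost.exe"},
    {"op": "reg_key_create", "path": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\badsvc"},
    {"op": "file_create",
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    # Benign: rewriting the default Shell value must not fire the Winlogon rule.
    {"op": "reg_set", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "data": "explorer.exe"},
]

if __name__ == "__main__":
    for name, idx in classify(SAMPLE_TRACE).items():
        print(f"{name}: events {idx}")
```

The Winlogon rule compares against the stock values so that a benign write of `explorer.exe` does not trip it; in a real trace the drive letter and Windows directory should be read from the host rather than hard-coded. Registry reads are matched because the sandbox trace records them; a Sysmon-only pipeline does not log value reads, so the BIOS and Geo lookups would need a different data source there.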

MITRE ATT&CK Enterprise v15

Tasks