General

  • Target

    0dddb1f89d42058e644cbfba9bdfa9c3_JaffaCakes118

  • Size

    205KB

  • Sample

    240625-ndntqszbll

  • MD5

    0dddb1f89d42058e644cbfba9bdfa9c3

  • SHA1

    10abb30699583c1eb6c863f7ac95195bff89509d

  • SHA256

    5548cb1449df3b06f2a42f74d1c9f8a1afe9f24eb4a2b181fe02b7996cec48a5

  • SHA512

    33b55fd6a63bbca5e13177fbcdc2a91fe790529cbefe9bd7590e50937ac4d1a419d21388bfb48e31a5f0a63c17812be2e12715bc835ce3107973d59a130365fb

  • SSDEEP

    6144:OZHNEO2jFlcaRds9Vwu6/EvyFf8bHVQSbH05G:OLEOcFl3I2005G

Targets


    • Modifies WinLogon for persistence

      The Shell and Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon are launched at every interactive logon, so appending a payload to them gives persistence that survives reboots.

    • Ramnit

      Ramnit is a long-lived malware family whose variants include file-infecting viruses, removable-drive worms and banking Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) are often read because hypervisor products leave vendor names such as VBOX, QEMU or VMware in them, which lets malware detect a sandbox and stay dormant.

    • Checks computer location settings

      Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to or away from particular regions.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      Safe Mode loads only the drivers and services listed under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot; tampering with those keys either keeps the malware running in Safe Mode or breaks Safe Mode as a recovery path.

    • Loads dropped DLL

    • Adds Run key to start application
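The five registry-based signatures above (Winlogon, Run key, SafeBoot, BIOS strings, Geo\Nation) share one detection shape: an operation of a given type against a well-known key path. The script below is an added example written for this page, not the sandbox vendor's code and not derived from the sample's actual run. It flags those behaviours in a simplified registry-event log whose line format (op|key|value|data) is an assumption for this example; the sample events are constructed. The key paths are the standard locations for each technique, and the Winlogon check skips writes that merely restore the stock Shell/Userinit data, which is a common source of false positives when this check is run over a whole endpoint.

```python
"""Registry-based triage checks for the signatures listed above.

Added example written for this page; it is not code from the sandbox
vendor, and the event lines below are constructed, not taken from the
sample's actual run. Input format (assumed, one event per line):

    op|key|value|data      op is read, set or delete; value/data optional
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str           # "read", "set" or "delete"
    key: str          # full key path, e.g. HKLM\SOFTWARE\...
    value: str = ""   # value name, empty for key-level operations
    data: str = ""    # data written, if any


# Signature name -> (operations that count, regex over "key\value").
SIGNATURES = {
    "Modifies WinLogon for persistence": (
        {"set"},
        re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I),
    ),
    "Adds Run key to start application": (
        {"set"},
        re.compile(r"\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
    ),
    "Impair Defenses: Safe Mode Boot": (
        {"set", "delete"},
        re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I),
    ),
    "Checks BIOS information in registry": (
        {"read"},
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios(Version|Date)$", re.I),
    ),
    "Checks computer location settings": (
        {"read"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
}

# Stock Winlogon data; writing these back is not persistence by itself.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}


def parse_line(line: str) -> RegEvent:
    """Parse one 'op|key|value|data' line (value and data may be absent)."""
    parts = [p.strip() for p in line.rstrip("\n").split("|")]
    if len(parts) < 2 or not parts[1]:
        raise ValueError(f"malformed event line: {line!r}")
    op, key = parts[0].lower(), parts[1]
    if op not in {"read", "set", "delete"}:
        raise ValueError(f"unknown operation {op!r}")
    value = parts[2] if len(parts) > 2 else ""
    data = parts[3] if len(parts) > 3 else ""
    return RegEvent(op, key, value, data)


def match_signatures(ev: RegEvent) -> list[str]:
    """Return the signature names that this single event satisfies."""
    target = f"{ev.key}\\{ev.value}" if ev.value else ev.key
    hits = []
    for name, (ops, pattern) in SIGNATURES.items():
        if ev.op not in ops or not pattern.search(target):
            continue
        if name.startswith("Modifies WinLogon"):
            if ev.data.strip().lower() in WINLOGON_DEFAULTS.get(ev.value.lower(), set()):
                continue  # restoring the default is not a hit
        hits.append(name)
    return hits


def scan(lines) -> dict[str, list[RegEvent]]:
    """Group every matching event under its signature name."""
    report: dict[str, list[RegEvent]] = {}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        for name in match_signatures(ev):
            report.setdefault(name, []).append(ev)
    return report


# Constructed events, shaped like what a registry monitor might emit.
SAMPLE_EVENTS = r"""
read|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion
read|HKCU\Control Panel\International\Geo|Nation
set|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit|C:\Windows\system32\userinit.exe,C:\Users\Public\svchost.exe
set|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell|explorer.exe
set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\Public\svchost.exe
delete|HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
read|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer|ShellState
""".strip().splitlines()

if __name__ == "__main__":
    for name, events in scan(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for ev in events:
            print(f"    {ev.op:<6} {ev.key}\\{ev.value}".rstrip("\\"))
```

Run against the constructed events, each of the five signatures fires exactly once; the Shell write of plain explorer.exe and the unrelated Explorer read are ignored. On a real host the same matchers can be pointed at Sysmon registry events or a regripper/`reg export` dump once the lines are reshaped into the op|key|value|data form.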

MITRE ATT&CK Enterprise v15
