General

  • Target

    0dddb661d6e7e442d18091be7c098a1f_JaffaCakes118

  • Size

    139KB

  • Sample

    240625-ndqckazbln

  • MD5

    0dddb661d6e7e442d18091be7c098a1f

  • SHA1

    7e1c2b93616a82900cd7ffe5e923a7d739f23f23

  • SHA256

    c18e25beca4c2e81ff766bbfa843f6bce49af7c754b18fbd6022b750415300f9

  • SHA512

    40e42ab1803df2159c7a0e8c36c7e34ad32acf74aae1c8f3e04ce41394069555718622ea93f66242a31af27a6cd5d41638fd6afb3380366212f55a282d0cfb45

  • SSDEEP

    3072:lV9Sharag+n3uIIPhvpE6cXjA8iVUAWGaqqqBSpXuWMfujoMITjWl:lV9Si+3/EFpkXsDePGaqqqBmMfujP1

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks