General

  • Target

    0e5c792beac4688855f7b1546d77d7fa_JaffaCakes118

  • Size

    109KB

  • Sample

    240625-rfw5nsxdkj

  • MD5

    0e5c792beac4688855f7b1546d77d7fa

  • SHA1

    9c0b2575945349994d541b88584ec188e994e7d6

  • SHA256

    9bfdecb3b2352f79da808e09402dfce008c0e14e5be6a13d0709a7a2e11de6fb

  • SHA512

    0cd8ff79c13afd7079cf8faa5a1840c0ee24d3835e7641b1430012564571edcc39e0d53095cc38988f6cafd78ca0ada3e19e84c88086555ccee13a212fdc02f7

  • SSDEEP

    3072:jgeWPCmabC3YUSlr6WzA9dLy/R5jwaaHw7Koj4rX/ej:c4PtUSlrdydm/v

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks