General

  • Target

    0e5ed4838e129c78f69e7037f34505ea_JaffaCakes118

  • Size

    105KB

  • Sample

    240625-rhf68svaqe

  • MD5

    0e5ed4838e129c78f69e7037f34505ea

  • SHA1

    18996735e03f5a8e614f3dac5c825cf0d667fe78

  • SHA256

    0bf5e5e8e5121f7ab20d5395dacd8a737da18824fc1290869762611f0404ea39

  • SHA512

    cc5bedcea7c5e39645f410ead14738ec363a0b156b479ac69ccda40abcb3103871b68f338f15a509e8d6e6bf976525dfc9c21dff630de632eed52564e8d595f1

  • SSDEEP

    3072:vDSKiauBZz/DhceNw1OTw+XIU5jwaaHw7Koj4rBw:rSKbwhdcqYIhXNA

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks