General

  • Target

    0e8b7284c721e2c8b7b7532da050a55a_JaffaCakes118

  • Size

    216KB

  • Sample

    240625-snj1razgnq

  • MD5

    0e8b7284c721e2c8b7b7532da050a55a

  • SHA1

    6840eac06df931808ce7c0f21b90129e8f2dcc6d

  • SHA256

    2f5eb4b47c76941b43df6ce404bedcd77f10e4fdfa1cc351d201f24de9589f7b

  • SHA512

    b1d334af757639549d97f63bf9711ca59ff5a20129ab111141d0e71718fec8427a38d2902a62415b531bb3ee7165dca5a3c53ba0f433f7015f9d753516a05d2a

  • SSDEEP

    3072:hp7vf4zHXP4Zq5b/S5JgqcOwJLgTN4/6oSyOXSZOz9KBVEpEE:Mz/aUK5JgqcOwOTeSycSZOzUQpf

Malware Config

Targets

    • Target

      0e8b7284c721e2c8b7b7532da050a55a_JaffaCakes118

    • Size

      216KB

    • MD5

      0e8b7284c721e2c8b7b7532da050a55a

    • SHA1

      6840eac06df931808ce7c0f21b90129e8f2dcc6d

    • SHA256

      2f5eb4b47c76941b43df6ce404bedcd77f10e4fdfa1cc351d201f24de9589f7b

    • SHA512

      b1d334af757639549d97f63bf9711ca59ff5a20129ab111141d0e71718fec8427a38d2902a62415b531bb3ee7165dca5a3c53ba0f433f7015f9d753516a05d2a

    • SSDEEP

      3072:hp7vf4zHXP4Zq5b/S5JgqcOwJLgTN4/6oSyOXSZOz9KBVEpEE:Mz/aUK5JgqcOwOTeSycSZOzUQpf

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks