General

  • Target

    0edc80f21a18294fe9bcef0c87d6efdf_JaffaCakes118

  • Size

    160KB

  • Sample

    240625-vl4ngssckf

  • MD5

    0edc80f21a18294fe9bcef0c87d6efdf

  • SHA1

    51f53adf38b2829e151fdfe40f7ef6782d6e2415

  • SHA256

    b1600d7d90c90cbe11c78612e72a04be63bcc44689be94235bc037a536947d70

  • SHA512

    caef2f30d2b315c1a650d341f0c3238151cfeb1d7b7df170d052608921e0273e6a48348460030586c79174ab4a226a43b4a72ea7ebd9d9a60f33c5892e08c4c1

  • SSDEEP

    3072:N6BQCxxGkt95ou011o9a3aTMCAROCOHDaGJ+aN336MdMfLirkQW0/nyypS:0QCxxGkt96R1QMaAlROCOjafUqqULirV

Targets

    • Target

      0edc80f21a18294fe9bcef0c87d6efdf_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a long-lived, versatile family whose variants span file-infecting viruses, worms, and banking Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS manufacturer and product strings are read from the registry, typically to detect virtual machines and sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (running only outside, or only inside, chosen regions).

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application
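
The behaviours listed above map onto a handful of registry locations, so the same signatures can be applied to registry events recorded by an EDR or a sandbox. The script below is an added illustration, not code from this report or from the sandbox that produced it: it assumes a simplified event shape (operation, key, value name, data), and the events it is fed are constructed for the example rather than taken from the sample's actual trace. The Winlogon default values are those of a stock Windows install and should be adjusted per build.

```python
# Added example: classify registry events against the persistence, defence-evasion
# and environment-check signatures in this report. Event format and sample events
# are assumptions/constructed for illustration, not the sandbox's own data.
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class RegEvent:
    op: str         # "set", "delete" or "query" (assumed vocabulary)
    key: str        # full path, e.g. HKLM\SOFTWARE\...
    name: str       # value name ("" for key-level operations)
    data: str = ""  # data written; empty for queries/deletes

WINLOGON = r"\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (r"\Microsoft\Windows\CurrentVersion\Run",
            r"\Microsoft\Windows\CurrentVersion\RunOnce")
SAFEBOOT = r"\CurrentControlSet\Control\SafeBoot"
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
GEO_KEY = r"HKCU\Control Panel\International\Geo"

# Values Winlogon normally holds on a stock install (assumed; verify per build).
# Anything else written here hijacks the logon sequence.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}

def classify(ev: RegEvent) -> Optional[str]:
    """Return the report signature an event matches, or None if benign."""
    key, name, data = ev.key.lower(), ev.name.lower(), ev.data.strip().lower()
    if ev.op == "set" and key.endswith(WINLOGON.lower()) and name in WINLOGON_DEFAULTS:
        # A rewrite to the stock value is noise; anything else is a hijack.
        return None if data == WINLOGON_DEFAULTS[name] else "Modifies WinLogon for persistence"
    if ev.op == "set" and any(key.endswith(r.lower()) for r in RUN_KEYS):
        return "Adds Run key to start application"
    if ev.op in ("set", "delete") and SAFEBOOT.lower() in key:
        # Removing SafeBoot entries (or adding one's own) breaks Safe Mode recovery.
        return "Impair Defenses: Safe Mode Boot"
    if ev.op == "query" and key == BIOS_KEY.lower():
        return "Checks BIOS information in registry"
    if ev.op == "query" and key == GEO_KEY.lower() and name == "nation":
        return "Checks computer location settings"
    return None

def triage(events: List[RegEvent]) -> Dict[str, List[RegEvent]]:
    """Group matching events by signature name."""
    hits: Dict[str, List[RegEvent]] = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(ev)
    return hits

# Constructed events in the assumed format; paths are placeholders, not from the sample.
SAMPLE_EVENTS = [
    RegEvent("set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit",
             r"C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Local\Temp\dropped.exe"),
    RegEvent("set", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater",
             r"C:\Users\Admin\AppData\Roaming\updater.exe"),
    RegEvent("delete", r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys", ""),
    RegEvent("query", BIOS_KEY, "SystemManufacturer"),
    RegEvent("query", GEO_KEY, "Nation"),
    # Benign: Windows itself rewriting the stock Shell value.
    RegEvent("set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
             "explorer.exe"),
]

if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
```

The Winlogon branch deliberately compares against the stock value rather than flagging every write, because Windows and legitimate installers touch that key too; the noisy part of a real deployment is tuning that allow-list, not the matching.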
