General

  • Target

    0f1d1de179d852e9296788a6e14e9766_JaffaCakes118

  • Size

    305KB

  • Sample

    240625-w8jr9swcka

  • MD5

    0f1d1de179d852e9296788a6e14e9766

  • SHA1

    ebf571e10a5926aa54afdc08e40482b21880646d

  • SHA256

    ea9cfeb6e144a60ac38cf952c874a903f21c43277a8445cc88e43d2cda8f4874

  • SHA512

    eb99b6ea0fc4cf3f5ebc2830d51ee20762661bdd4e632aea663b9b77d9950cadd5ccc5eeec85f562b2c2609d3f425d13dc85c388bd2826e9b1b240532198628b

  • SSDEEP

    6144:rp0ZRO8Aueh8nEh/8JCn+fb+a9pIxGjYpdpFCxVD87:wtAZh8nEhUJbyZGjYpD4xV

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks