General

  • Target

    0f2ab21a9c14727f55f2a28502b166f8_JaffaCakes118

  • Size

    168KB

  • Sample

    240625-xm2xdszbkk

  • MD5

    0f2ab21a9c14727f55f2a28502b166f8

  • SHA1

    bd4e12bf54facdca591c7b0ae2327100a20cadf3

  • SHA256

    b1792fed2e4e7e22c7b0366c124c693ee1c2609d731dd5486260985d807529f5

  • SHA512

    332e0e5271ceb55db68047e8a2fada30d07064d44fdbaf30695ea899b125e75ed0a6048cbfd7437693e57595eb3a95bdca586789d24c5ee3b0448c21e81e1bd1

  • SSDEEP

    1536:38MmInHlQm0BfYPV+W8tb+FV9zxE6/kuxH6ale569oAAoUkq+mHNB7W5hiqzXF+5:wcgq+W8tSFVEsPHJlEdtB7W5vJpLnAP

Malware Config

Targets

    • Target

      0f2ab21a9c14727f55f2a28502b166f8_JaffaCakes118

    • Size

      168KB

    • MD5

      0f2ab21a9c14727f55f2a28502b166f8

    • SHA1

      bd4e12bf54facdca591c7b0ae2327100a20cadf3

    • SHA256

      b1792fed2e4e7e22c7b0366c124c693ee1c2609d731dd5486260985d807529f5

    • SHA512

      332e0e5271ceb55db68047e8a2fada30d07064d44fdbaf30695ea899b125e75ed0a6048cbfd7437693e57595eb3a95bdca586789d24c5ee3b0448c21e81e1bd1

    • SSDEEP

      1536:38MmInHlQm0BfYPV+W8tb+FV9zxE6/kuxH6ale569oAAoUkq+mHNB7W5hiqzXF+5:wcgq+W8tSFVEsPHJlEdtB7W5vJpLnAP

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks