General

  • Target

    11cd3c605893ceb762c0364d2a69c431_JaffaCakes118

  • Size

    120KB

  • Sample

    240626-na5yvavcrr

  • MD5

    11cd3c605893ceb762c0364d2a69c431

  • SHA1

    8f4818fe01dbffb7e8562c0d462c4ca9012bb0a0

  • SHA256

    1e3df6f32d7441c3d164b8a46b975fe66f1636a656b0bb5c4e1e1f69bc384e22

  • SHA512

    233ea0ea1a44c5588311691876b5ca571edc8ac806b95501d829ab8ad55a46a34a1e20a254b36e25768f570e99f4b6e14d92d1951567f55cc0c158f86dc815c3

  • SSDEEP

    3072:zAK0CBezOU+8isBve4bF3u5jwaaHw7Koj4rIPQFy:83z+svb1uzPQFy

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family comprising viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks