General

  • Target

    11e194aa1ca2526cd50b8d423fc56287_JaffaCakes118

  • Size

    144KB

  • Sample

    240626-nvqdwswcnp

  • MD5

    11e194aa1ca2526cd50b8d423fc56287

  • SHA1

    419c4170caaf0a5477f590219c8cefcd883b0970

  • SHA256

    5484adfce88f6b952869b2e52242377d81feba366ca4db83e3dd1b5d94f1dccb

  • SHA512

    983b944e60595d5d1d307198b901f1a077528a3629638ddddc4d8a9965f3766fd67a8eb4ceb9465866eecc5c9e35e20e57e27fce2b7d4c10af063a8089c24551

  • SSDEEP

    3072:vgh2I2r6EHIABO7Q+Wzk8jwaaHw7Koj4r07zw:6EH7yig

Malware Config

Targets

    • Target

      11e194aa1ca2526cd50b8d423fc56287_JaffaCakes118

    • Size

      144KB

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes file-infecting viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS strings in the registry are commonly read to fingerprint virtualised sandbox environments before the payload runs.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application
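
    The registry-based signatures above (Winlogon persistence, Run key, Safe Mode boot tampering, UAC bypass, BIOS and location checks) all reduce to writes or reads of a handful of well-known keys. The following is an added example, not Triage's own signature logic and not code from the sample: it classifies a constructed feed of registry events into the signature names used in this report. The event format (`<pid> <op> <key>[ = <data>]`) is an assumption standing in for a Sysmon Event ID 12/13 or sandbox API trace, the sample event lines are constructed, and the dropped-file paths in them are placeholders rather than artifacts from this analysis.

```python
"""Map registry operations to the behaviour signatures listed in this report.

Added example, not Triage's own signature logic. Input is a constructed,
simplified rendering of registry events (one per line):
    <pid> <op> <key>[ = <data>]
where <op> is SetValue, CreateKey or QueryValue (assumption: a Sysmon
Event ID 12/13 or sandbox API-trace feed flattened to this shape).
"""
import re
from typing import Dict, List, Tuple

# (signature name as in the report, operations that count, key regex).
# Regexes run case-insensitively against "<key>[ = <data>]".
SIGNATURES: List[Tuple[str, Tuple[str, ...], str]] = [
    ("Modifies WinLogon for persistence", ("SetValue",),
     r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit|Taskman)\b"),
    ("Adds Run key to start application", ("SetValue",),
     r"\\Windows\\CurrentVersion\\(Run|RunOnce)\\"),
    ("Impair Defenses: Safe Mode Boot", ("SetValue", "CreateKey"),
     r"\\CurrentControlSet\\Control\\SafeBoot\\"),
    ("UAC bypass", ("SetValue",),
     r"\\CurrentVersion\\Policies\\System\\EnableLUA = 0\b"),
    ("Checks BIOS information in registry", ("QueryValue",),
     r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)\b"),
    ("Checks computer location settings", ("QueryValue",),
     r"\\Control Panel\\International\\Geo\\Nation\b"),
]

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<rest>.+)$")

# Constructed events (not from this report); file paths are placeholders.
SAMPLE_EVENTS = [
    r"1234 SetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = C:\Windows\system32\userinit.exe,C:\Users\Public\dropped.exe",
    r"1234 SetValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\Public\dropped.exe",
    r"1234 SetValue HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dropped.exe = Service",
    r"1234 SetValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = 0",
    r"1234 QueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"1234 QueryValue HKEY_CURRENT_USER\Control Panel\International\Geo\Nation",
    r"1234 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir",  # benign read
    r"1234 SetValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = 1",  # re-enabling UAC is not a bypass
]


def normalize_hive(key: str) -> str:
    """Collapse long hive names so one regex covers HKLM and HKEY_LOCAL_MACHINE."""
    key = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", key, flags=re.I)
    return re.sub(r"^HKEY_CURRENT_USER", "HKCU", key, flags=re.I)


def classify(events: List[str]) -> Dict[str, List[str]]:
    """Return {signature name: [matching event lines]} for every signature that fired."""
    hits: Dict[str, List[str]] = {}
    for line in events:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # malformed line; a real pipeline would log and count these
        op, rest = m.group("op"), normalize_hive(m.group("rest"))
        for name, ops, pattern in SIGNATURES:
            if op in ops and re.search(pattern, rest, re.I):
                hits.setdefault(name, []).append(line)
    return hits


if __name__ == "__main__":
    for name, lines in classify(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for ev in lines:
            print("   ", ev)
```

    The two negative cases at the end of the constructed feed are the ones worth keeping in any real rule set: a read of an unrelated key under `CurrentVersion` must not trip the Run-key rule, and setting `EnableLUA` back to 1 is not a UAC bypass, so the match is on the written data and not just the key path.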

MITRE ATT&CK Enterprise v15

Tasks