General

  • Target

    122d830e707c4e877d9c8cb5b1212e9e_JaffaCakes118

  • Size

    240KB

  • Sample

    240626-q1tdvazejk

  • MD5

    122d830e707c4e877d9c8cb5b1212e9e

  • SHA1

    ae3ccb8292b34c99d71f0cc3f51329cbbcd2d7fc

  • SHA256

    7ce8a23f8e562a1c2bbbbff1d19ec03a403d32059501d89c273d0e6f5d7d4116

  • SHA512

    79c5fd8d49f05ec9ca8d21d79633ce9ca50f8a8a74acddd80c20448c9ab71743e82b50db07e4a4b1b529e7f9bc7039bf5c94cdcd2cc756b3d6e27519077fa3ab

  • SSDEEP

    3072:8RRSuEEFOZuswPjCEHpu35Vk6HSngrrlpjWHg40bfeNXDxkXFIyqQ4ZSA2Z8o:cRSXEFx5Hw3FN7RagXORQ+I

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a long-lived family whose variants span file-infecting viruses, worms that spread via removable media, and banking Trojans; a single sample commonly shows several of these behaviours at once.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS details under HKLM\HARDWARE\DESCRIPTION\System (for example SystemBiosVersion and VideoBiosVersion) are frequently read to recognise virtualised or sandboxed environments, since hypervisors expose distinctive vendor strings there.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application
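The signatures above are the sandbox's behavioural verdicts. The following is an added example, not code from this report or from the sandbox vendor, showing how a responder can check a host's registry and file-system trace for the same persistence and evasion behaviours. It assumes a simplified event form (op, path, data) abstracted from Sysmon registry-set and file-create events plus a Procmon-style RegQueryValue trace (Sysmon does not log registry reads, which the BIOS check needs); the ATT&CK technique IDs are my own mapping, and the sample events (the file name wupdate.exe, the SID, the paths) are constructed for illustration, not values from this report.

```python
"""Triage rules for the persistence / evasion behaviours listed in the report.

Constructed example, not the sandbox's own detection code. Input records are an
assumed, simplified event shape: {"op": ..., "path": ..., "data": ...}.
"""
import re


def _nondefault_winlogon(data):
    # Shell and Userinit are legitimately "explorer.exe" and
    # "C:\Windows\system32\userinit.exe," ; anything else (typically a second
    # executable appended after the comma) is a persistence hook.
    stock = r"(explorer\.exe|C:\\Windows\\system32\\userinit\.exe,?)"
    return re.fullmatch(stock, data.strip(), re.I) is None


# (signature name as in the report, ATT&CK technique, event op, path regex, data predicate or None)
RULES = [
    ("Modifies WinLogon for persistence", "T1547.004", "RegSetValue",
     re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I),
     _nondefault_winlogon),
    ("Adds Run key to start application", "T1547.001", "RegSetValue",
     re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I), None),
    ("Impair Defenses: Safe Mode Boot", "T1562.009", "RegSetValue",
     re.compile(r"\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\", re.I), None),
    # Disabling UAC prompts via policy; the value must actually be set to 0 to count.
    ("UAC bypass", "T1548.002", "RegSetValue",
     re.compile(r"\\Policies\\System\\(EnableLUA|ConsentPromptBehaviorAdmin)$", re.I),
     lambda d: d.strip() == "0"),
    # Registry *reads* only appear in a Procmon-style trace, not in Sysmon.
    ("Checks BIOS information in registry", "T1497.001", "RegQueryValue",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I),
     None),
    ("Drops startup file", "T1547.001", "FileCreate",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I), None),
]


def match_events(events):
    """Return one (signature, technique, path) tuple per event that satisfies a rule."""
    hits = []
    for ev in events:
        for name, technique, op, path_re, data_ok in RULES:
            if ev["op"] != op or not path_re.search(ev["path"]):
                continue
            if data_ok is not None and not data_ok(ev.get("data", "")):
                continue
            hits.append((name, technique, ev["path"]))
    return hits


def summarize(events):
    """Sorted, de-duplicated signature names, comparable to the report's list."""
    return sorted({name for name, _, _ in match_events(events)})


# Constructed trace (hypothetical file name, SID and paths); includes benign
# writes that must NOT fire so the rules are shown to discriminate.
SAMPLE_EVENTS = [
    {"op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\Public\Libraries\wupdate.exe"},
    {"op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "data": "explorer.exe"},                      # stock value: no hit
    {"op": "RegSetValue",
     "path": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\wupdate",
     "data": r"C:\Users\Public\Libraries\wupdate.exe"},
    {"op": "RegSetValue",
     "path": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wupdate.exe\(Default)",
     "data": "Service"},
    {"op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "data": "0"},
    {"op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin",
     "data": "5"},                                 # default prompt level: no hit
    {"op": "RegQueryValue",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"op": "FileCreate",
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wupdate.lnk"},
    {"op": "FileCreate",
     "path": r"C:\Users\user\AppData\Local\Temp\tmp1.dll"},   # no rule covers this
]


if __name__ == "__main__":
    for name, technique, path in match_events(SAMPLE_EVENTS):
        print(f"{technique:<10} {name:<40} {path}")
```

The Winlogon rule only accepts the stock Shell and Userinit values, so an executable appended after the comma fires while an untouched default stays silent, and the UAC rule requires the policy value to actually be 0 rather than merely written. When adapting this to real Sysmon data, HKCU paths arrive as HKU\<SID>\..., which the Run-key pattern already tolerates.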
